umbral | b9395c6223dd34cdd95dd5c298eb609a806b12f2f2bcf9b0932b47ab564ee591

Analysis

max time kernel
33s
max time network
281s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 19:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

start.exe
Size

192KB
MD5

066f7f594bf6f254748bc19562dd1bc3
SHA1

313883f4a7fbfc3c60b153492aeefb927c5d5694
SHA256

9398c6385a5246fe4b86b0f247ddb8a93a9c326389dabef1b96bd65af09b360e
SHA512

04f0c82938dee7a790876ab39282c36eda0c6de11a337d93f728c07be6ff5997605c6a9bba886b94091c313795ee19bf96d65ca9ac1e1d62eeab7acd33b6afca
SSDEEP

6144:i0mlbUZ0lzEhoPkoaHOw4D/dB8H2HSZRw5:0aCESPkpHNi/bX

Score

10^/10

umbral spyware stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1218605453374914620/OdDYjKWd2x_sgrT_0JmzryiFvoGTz03pvb7F84neOCAte6YtS3TcUiq7-D1K38B9s0T8

Signatures

Detect Umbral payload 7 IoCs

resource	yara_rule
behavioral3/files/0x000b00000001224c-53.dat	family_umbral
behavioral3/files/0x000b00000001224c-62.dat	family_umbral
behavioral3/files/0x000b00000001224c-61.dat	family_umbral
behavioral3/files/0x000b00000001224c-79.dat	family_umbral
behavioral3/files/0x000b00000001224c-80.dat	family_umbral
behavioral3/files/0x000b00000001224c-94.dat	family_umbral
behavioral3/memory/2896-13-0x0000000000360000-0x00000000003A0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Blocklisted process makes network request 1 IoCs

flow	pid	Process
5	2984	NursultanStart.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	NursultanStart.exe

Executes dropped EXE 64 IoCs

pid	Process
2556	NursultanStart.exe
2516	start.exe
2896	NursultanStart.exe
2544	start.exe
2448	NursultanStart.exe
2436	start.exe
2580	NursultanStart.exe
2412	start.exe
3052	NursultanStart.exe
2964	start.exe
2984	NursultanStart.exe
760	start.exe
1524	NursultanStart.exe
568	start.exe
272	NursultanStart.exe
2740	start.exe
2112	NursultanStart.exe
2744	start.exe
1480	NursultanStart.exe
1336	start.exe
2768	NursultanStart.exe
1736	start.exe
1104	NursultanStart.exe
2320	start.exe
2912	NursultanStart.exe
1636	start.exe
1732	NursultanStart.exe
2116	start.exe
1056	NursultanStart.exe
1536	start.exe
1608	NursultanStart.exe
1452	start.exe
932	NursultanStart.exe
2308	start.exe
1540	NursultanStart.exe
2224	start.exe
2892	NursultanStart.exe
1728	start.exe
2096	NursultanStart.exe
2936	start.exe
1596	NursultanStart.exe
1600	start.exe
2520	NursultanStart.exe
2636	start.exe
2688	NursultanStart.exe
1952	start.exe
2464	NursultanStart.exe
2484	start.exe
736	NursultanStart.exe
2808	start.exe
2480	NursultanStart.exe
2888	start.exe
2500	NursultanStart.exe
2640	start.exe
1656	NursultanStart.exe
2820	start.exe
2004	NursultanStart.exe
1832	start.exe
2400	NursultanStart.exe
1996	start.exe
1252	NursultanStart.exe
2324	start.exe
1128	NursultanStart.exe
2296	start.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	start.exe
3036	start.exe
2516	start.exe
2516	start.exe
2544	start.exe
2544	start.exe
2436	start.exe
2436	start.exe
2412	start.exe
2412	start.exe
2964	start.exe
2964	start.exe
760	start.exe
760	start.exe
568	start.exe
568	start.exe
2740	start.exe
2740	start.exe
2744	start.exe
2744	start.exe
1336	start.exe
1336	start.exe
1736	start.exe
1736	start.exe
2320	start.exe
2320	start.exe
1636	start.exe
1636	start.exe
2116	start.exe
2116	start.exe
1536	start.exe
1536	start.exe
1452	start.exe
1452	start.exe
2308	start.exe
2308	start.exe
2224	start.exe
2224	start.exe
1728	start.exe
1728	start.exe
2936	start.exe
2936	start.exe
1600	start.exe
1600	start.exe
2636	start.exe
2636	start.exe
1952	start.exe
1952	start.exe
2484	start.exe
2484	start.exe
2808	start.exe
2808	start.exe
2888	start.exe
2888	start.exe
2640	start.exe
2640	start.exe
2820	start.exe
2820	start.exe
1832	start.exe
1832	start.exe
1996	start.exe
1996	start.exe
2324	start.exe
2324	start.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 22 IoCs

Web Service

T1102

flow	ioc
13	discord.com
31	discord.com
37	discord.com
55	discord.com
67	discord.com
54	discord.com
60	discord.com
66	discord.com
6	discord.com
18	discord.com
19	discord.com
42	discord.com
43	discord.com
7	discord.com
30	discord.com
48	discord.com
61	discord.com
12	discord.com
24	discord.com
25	discord.com
36	discord.com
49	discord.com

Looks up external IP address via web service 11 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
16	ip-api.com
28	ip-api.com
34	ip-api.com
40	ip-api.com
46	ip-api.com
64	ip-api.com
4	ip-api.com
10	ip-api.com
22	ip-api.com
52	ip-api.com
58	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 11 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2528	Process not Found
2632	Process not Found
1760	Process not Found
2524	Process not Found
1484	Process not Found
2268	Process not Found
2036	Process not Found
2580	Process not Found
2856	Process not Found
1900	wmic.exe
788	Process not Found

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2664	powershell.exe
3016	powershell.exe
2564	powershell.exe
2132	powershell.exe
1696	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2984	NursultanStart.exe
Token: SeDebugPrivilege	2664	powershell.exe
Token: SeDebugPrivilege	3016	powershell.exe
Token: SeDebugPrivilege	2564	powershell.exe
Token: SeDebugPrivilege	2132	powershell.exe
Token: SeIncreaseQuotaPrivilege	1688	wmic.exe
Token: SeSecurityPrivilege	1688	wmic.exe
Token: SeTakeOwnershipPrivilege	1688	wmic.exe
Token: SeLoadDriverPrivilege	1688	wmic.exe
Token: SeSystemProfilePrivilege	1688	wmic.exe
Token: SeSystemtimePrivilege	1688	wmic.exe
Token: SeProfSingleProcessPrivilege	1688	wmic.exe
Token: SeIncBasePriorityPrivilege	1688	wmic.exe
Token: SeCreatePagefilePrivilege	1688	wmic.exe
Token: SeBackupPrivilege	1688	wmic.exe
Token: SeRestorePrivilege	1688	wmic.exe
Token: SeShutdownPrivilege	1688	wmic.exe
Token: SeDebugPrivilege	1688	wmic.exe
Token: SeSystemEnvironmentPrivilege	1688	wmic.exe
Token: SeRemoteShutdownPrivilege	1688	wmic.exe
Token: SeUndockPrivilege	1688	wmic.exe
Token: SeManageVolumePrivilege	1688	wmic.exe
Token: 33	1688	wmic.exe
Token: 34	1688	wmic.exe
Token: 35	1688	wmic.exe
Token: SeIncreaseQuotaPrivilege	1688	wmic.exe
Token: SeSecurityPrivilege	1688	wmic.exe
Token: SeTakeOwnershipPrivilege	1688	wmic.exe
Token: SeLoadDriverPrivilege	1688	wmic.exe
Token: SeSystemProfilePrivilege	1688	wmic.exe
Token: SeSystemtimePrivilege	1688	wmic.exe
Token: SeProfSingleProcessPrivilege	1688	wmic.exe
Token: SeIncBasePriorityPrivilege	1688	wmic.exe
Token: SeCreatePagefilePrivilege	1688	wmic.exe
Token: SeBackupPrivilege	1688	wmic.exe
Token: SeRestorePrivilege	1688	wmic.exe
Token: SeShutdownPrivilege	1688	wmic.exe
Token: SeDebugPrivilege	1688	wmic.exe
Token: SeSystemEnvironmentPrivilege	1688	wmic.exe
Token: SeRemoteShutdownPrivilege	1688	wmic.exe
Token: SeUndockPrivilege	1688	wmic.exe
Token: SeManageVolumePrivilege	1688	wmic.exe
Token: 33	1688	wmic.exe
Token: 34	1688	wmic.exe
Token: 35	1688	wmic.exe
Token: SeIncreaseQuotaPrivilege	3032	wmic.exe
Token: SeSecurityPrivilege	3032	wmic.exe
Token: SeTakeOwnershipPrivilege	3032	wmic.exe
Token: SeLoadDriverPrivilege	3032	wmic.exe
Token: SeSystemProfilePrivilege	3032	wmic.exe
Token: SeSystemtimePrivilege	3032	wmic.exe
Token: SeProfSingleProcessPrivilege	3032	wmic.exe
Token: SeIncBasePriorityPrivilege	3032	wmic.exe
Token: SeCreatePagefilePrivilege	3032	wmic.exe
Token: SeBackupPrivilege	3032	wmic.exe
Token: SeRestorePrivilege	3032	wmic.exe
Token: SeShutdownPrivilege	3032	wmic.exe
Token: SeDebugPrivilege	3032	wmic.exe
Token: SeSystemEnvironmentPrivilege	3032	wmic.exe
Token: SeRemoteShutdownPrivilege	3032	wmic.exe
Token: SeUndockPrivilege	3032	wmic.exe
Token: SeManageVolumePrivilege	3032	wmic.exe
Token: 33	3032	wmic.exe
Token: 34	3032	wmic.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2556	3036	start.exe	255
PID 3036 wrote to memory of 2556	3036	start.exe	255
PID 3036 wrote to memory of 2556	3036	start.exe	255
PID 3036 wrote to memory of 2556	3036	start.exe	255
PID 3036 wrote to memory of 2516	3036	start.exe	29
PID 3036 wrote to memory of 2516	3036	start.exe	29
PID 3036 wrote to memory of 2516	3036	start.exe	29
PID 3036 wrote to memory of 2516	3036	start.exe	29
PID 2516 wrote to memory of 2896	2516	start.exe	30
PID 2516 wrote to memory of 2896	2516	start.exe	30
PID 2516 wrote to memory of 2896	2516	start.exe	30
PID 2516 wrote to memory of 2896	2516	start.exe	30
PID 2516 wrote to memory of 2544	2516	start.exe	376
PID 2516 wrote to memory of 2544	2516	start.exe	376
PID 2516 wrote to memory of 2544	2516	start.exe	376
PID 2516 wrote to memory of 2544	2516	start.exe	376
PID 2544 wrote to memory of 2448	2544	start.exe	380
PID 2544 wrote to memory of 2448	2544	start.exe	380
PID 2544 wrote to memory of 2448	2544	start.exe	380
PID 2544 wrote to memory of 2448	2544	start.exe	380
PID 2544 wrote to memory of 2436	2544	start.exe	401
PID 2544 wrote to memory of 2436	2544	start.exe	401
PID 2544 wrote to memory of 2436	2544	start.exe	401
PID 2544 wrote to memory of 2436	2544	start.exe	401
PID 2436 wrote to memory of 2580	2436	start.exe	34
PID 2436 wrote to memory of 2580	2436	start.exe	34
PID 2436 wrote to memory of 2580	2436	start.exe	34
PID 2436 wrote to memory of 2580	2436	start.exe	34
PID 2436 wrote to memory of 2412	2436	start.exe	337
PID 2436 wrote to memory of 2412	2436	start.exe	337
PID 2436 wrote to memory of 2412	2436	start.exe	337
PID 2436 wrote to memory of 2412	2436	start.exe	337
PID 2412 wrote to memory of 3052	2412	start.exe	36
PID 2412 wrote to memory of 3052	2412	start.exe	36
PID 2412 wrote to memory of 3052	2412	start.exe	36
PID 2412 wrote to memory of 3052	2412	start.exe	36
PID 2412 wrote to memory of 2964	2412	start.exe	431
PID 2412 wrote to memory of 2964	2412	start.exe	431
PID 2412 wrote to memory of 2964	2412	start.exe	431
PID 2412 wrote to memory of 2964	2412	start.exe	431
PID 2964 wrote to memory of 2984	2964	start.exe	553
PID 2964 wrote to memory of 2984	2964	start.exe	553
PID 2964 wrote to memory of 2984	2964	start.exe	553
PID 2964 wrote to memory of 2984	2964	start.exe	553
PID 2964 wrote to memory of 760	2964	start.exe	39
PID 2964 wrote to memory of 760	2964	start.exe	39
PID 2964 wrote to memory of 760	2964	start.exe	39
PID 2964 wrote to memory of 760	2964	start.exe	39
PID 760 wrote to memory of 1524	760	start.exe	197
PID 760 wrote to memory of 1524	760	start.exe	197
PID 760 wrote to memory of 1524	760	start.exe	197
PID 760 wrote to memory of 1524	760	start.exe	197
PID 760 wrote to memory of 568	760	start.exe	442
PID 760 wrote to memory of 568	760	start.exe	442
PID 760 wrote to memory of 568	760	start.exe	442
PID 760 wrote to memory of 568	760	start.exe	442
PID 568 wrote to memory of 272	568	start.exe	631
PID 568 wrote to memory of 272	568	start.exe	631
PID 568 wrote to memory of 272	568	start.exe	631
PID 568 wrote to memory of 272	568	start.exe	631
PID 568 wrote to memory of 2740	568	start.exe	638
PID 568 wrote to memory of 2740	568	start.exe	638
PID 568 wrote to memory of 2740	568	start.exe	638
PID 568 wrote to memory of 2740	568	start.exe	638

C:\Users\Admin\AppData\Local\Temp\start.exe
"C:\Users\Admin\AppData\Local\Temp\start.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
  "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Users\Admin\AppData\Local\Temp\start.exe
  "C:\Users\Admin\AppData\Local\Temp\start.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
    "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
    3⤵
    - Executes dropped EXE
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\start.exe
    "C:\Users\Admin\AppData\Local\Temp\start.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
      "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
      4⤵
      Executes dropped EXE
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\start.exe
      "C:\Users\Admin\AppData\Local\Temp\start.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        5⤵
        Executes dropped EXE
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        6⤵
        Executes dropped EXE
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        7⤵
        Blocklisted process makes network request
        Drops file in Drivers directory
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2984
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe'
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2664
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3016
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2564
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2132
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1688
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3032
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        8⤵
        
        PID:1284
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        8⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1696
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        8⤵
        Detects videocard installed
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        8⤵
        Executes dropped EXE
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        9⤵
        Executes dropped EXE
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        10⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        11⤵
        Executes dropped EXE
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        12⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        13⤵
        Executes dropped EXE
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        14⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        15⤵
        Executes dropped EXE
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        16⤵
        Executes dropped EXE
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        17⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        18⤵
        Executes dropped EXE
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        19⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        20⤵
        Executes dropped EXE
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        21⤵
        Executes dropped EXE
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        22⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        23⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        24⤵
        Executes dropped EXE
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        25⤵
        Executes dropped EXE
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        26⤵
        Executes dropped EXE
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        27⤵
        Executes dropped EXE
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        28⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        29⤵
        Executes dropped EXE
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        30⤵
        Executes dropped EXE
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        31⤵
        Executes dropped EXE
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        32⤵
        Executes dropped EXE
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        33⤵
        Executes dropped EXE
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        33⤵
        Executes dropped EXE
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        34⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        34⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        35⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        35⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        36⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        36⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        37⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        37⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        38⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        38⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        39⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        39⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        40⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        40⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        41⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        41⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        42⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        42⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        43⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        43⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        44⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        44⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        45⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        45⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        46⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        46⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        47⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        47⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        48⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        48⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        49⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        49⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        50⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        50⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        51⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        51⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        52⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        52⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        53⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        53⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        54⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        54⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        55⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        55⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        56⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        56⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        57⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        57⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        58⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        58⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        59⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        59⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        60⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        60⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        61⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        61⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        62⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        62⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        63⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        63⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        64⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        64⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        65⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        65⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        66⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        66⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        67⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        67⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        68⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        68⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        69⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        69⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        70⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        70⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        71⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        71⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        72⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        72⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        73⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        73⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        74⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        74⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        75⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        75⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        76⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        76⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        77⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        77⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        78⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        78⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        79⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        79⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        80⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        80⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        81⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        81⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        82⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        82⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        83⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        83⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        84⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        84⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        85⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        85⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        86⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        86⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        87⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        87⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        88⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        88⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        89⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        89⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        90⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        90⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        91⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        91⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        92⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        92⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        93⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        93⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        94⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        94⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        95⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        95⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        96⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        96⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        97⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        97⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        98⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        98⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        99⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        99⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        100⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        100⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        101⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        101⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        102⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        102⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        103⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        103⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        104⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        104⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        105⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        105⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        106⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        106⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        107⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        107⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        108⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        108⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        109⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        109⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        110⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        110⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        111⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        111⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        112⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        112⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        113⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        113⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        114⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        114⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        115⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        115⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        116⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        116⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        117⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        117⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        118⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        118⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        119⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        119⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        120⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        120⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        121⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        121⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        122⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        122⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        123⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        123⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        124⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        124⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        125⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        125⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        126⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        126⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        127⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        127⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        128⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        128⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        129⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        129⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        130⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        130⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        131⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        131⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        132⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        132⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        133⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        133⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        134⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        134⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        135⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        135⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        136⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        136⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        137⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        137⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        138⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        138⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        139⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        139⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        140⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        140⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        141⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        141⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        142⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        142⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        143⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        143⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        144⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        144⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        145⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        145⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        146⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        146⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        147⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        147⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        148⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        148⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        149⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        149⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        150⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        150⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        151⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        151⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        152⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        152⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        153⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        153⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        154⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        154⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        155⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        155⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        156⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        156⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        157⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        157⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        158⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        158⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        159⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        159⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        160⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        160⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        161⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        161⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        162⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        162⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        163⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        163⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        164⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        164⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        165⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        165⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        166⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        166⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        167⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        167⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        168⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        168⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        169⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        169⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        170⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        170⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        171⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        171⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        172⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        172⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        173⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        173⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        174⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        174⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        175⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        175⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        176⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        176⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        177⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        177⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        178⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        178⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        179⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        179⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        180⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        180⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        181⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        181⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        182⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        182⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        183⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        183⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        184⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        184⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        185⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        185⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        186⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        186⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        187⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        187⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        188⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        188⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        189⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        189⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        190⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        190⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        191⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        191⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        192⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        192⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        193⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        193⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        194⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        194⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        195⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        195⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        196⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        196⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        197⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        197⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        198⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        198⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        199⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        199⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        200⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        200⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        201⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        201⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        202⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        202⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        203⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        203⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        204⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        204⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        205⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        205⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        206⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        206⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        207⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        207⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        208⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        208⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        209⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        209⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        210⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        210⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        211⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        211⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        212⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        212⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        213⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        213⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        214⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        214⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        215⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        215⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        216⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        216⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        217⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        217⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        218⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        218⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        219⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        219⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        220⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        220⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        221⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        221⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        222⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        222⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        223⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        223⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        224⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        224⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        225⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        225⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        226⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        226⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        227⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        227⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        228⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        228⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        229⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        229⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        230⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        230⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        231⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        231⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        232⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        232⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        233⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        233⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        234⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        234⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        235⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        235⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        236⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        236⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        237⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        237⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        238⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        238⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        239⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        239⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        240⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        240⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        241⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        241⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        242⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        242⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        243⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        243⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        244⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        244⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        245⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        245⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        246⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        246⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        247⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        247⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        248⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        248⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        249⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        249⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        250⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        250⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        251⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        251⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        252⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        252⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        253⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        253⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        254⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        254⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        255⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        255⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        256⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        256⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        257⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        257⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        258⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        258⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        259⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        259⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        260⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        260⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        261⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        261⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        262⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        262⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        263⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        263⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        264⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        264⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        265⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        265⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        266⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        266⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        267⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        267⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        268⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        268⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        269⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        269⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        270⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        270⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        271⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        271⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        272⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        272⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        273⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        273⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        274⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        274⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        275⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        275⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        276⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        276⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        277⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        277⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        278⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        278⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        279⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        279⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        280⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        280⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        281⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        281⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        282⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        282⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        283⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        283⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        284⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        284⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        285⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        285⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        286⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        286⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        287⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        287⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        288⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        288⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        289⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        289⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        290⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        290⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        291⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        291⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        292⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        292⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        293⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        293⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        294⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        294⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        295⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        295⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        296⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        296⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        297⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        297⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        298⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        298⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        299⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        299⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        300⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        300⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        301⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        301⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        302⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        302⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        303⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        303⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        304⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        304⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        305⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        305⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        306⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        306⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        307⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        307⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        308⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        308⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        309⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        309⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        310⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        310⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        311⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        311⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        312⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        312⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        313⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        313⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        314⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        314⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        315⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        315⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        316⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        316⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        317⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        317⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        318⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        318⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        319⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        319⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        320⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        320⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        321⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        321⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        322⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        322⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        323⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        323⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        324⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        324⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        325⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        325⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        326⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        326⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        327⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        327⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        328⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        328⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        329⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        329⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        330⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        330⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        331⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        331⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        332⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        332⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        333⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        333⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        334⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        334⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        335⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        335⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        336⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        336⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        337⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        337⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        338⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        338⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        339⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        339⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        340⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        340⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        341⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        341⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        342⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        342⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        343⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        343⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        344⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        344⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        345⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        345⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        346⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        346⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        347⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        347⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        348⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        348⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        349⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        349⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        350⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        350⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        351⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        351⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        352⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        352⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        353⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        353⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        354⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        354⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        355⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        355⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        356⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        356⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        357⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        357⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        358⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        358⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        359⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        359⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        360⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        360⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        361⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        361⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        362⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        362⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        363⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        363⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        364⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        364⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        365⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        365⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        366⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        366⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        367⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        367⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        368⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        368⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        369⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        369⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        370⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        370⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        371⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        371⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        372⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        372⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        373⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        373⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        374⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        374⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        375⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        375⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        376⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        376⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        377⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        377⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        378⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        378⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        379⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        379⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        380⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        380⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        381⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        381⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        382⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        382⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        383⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        383⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        384⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        384⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        385⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        385⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        386⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        386⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        387⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        387⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        388⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        388⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        389⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        389⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        390⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        390⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        391⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        391⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        392⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        392⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        393⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        393⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        394⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        394⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        395⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        395⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        396⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        396⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        397⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        397⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        398⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        398⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        399⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        399⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        400⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        400⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        401⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        401⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        402⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        402⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        403⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        403⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        404⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        404⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        405⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        405⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        406⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        406⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        407⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        407⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        408⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        408⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        409⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        409⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        410⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        410⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        411⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        411⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        412⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        412⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        413⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        413⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        414⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        414⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        415⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        415⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        416⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        416⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        417⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        417⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        418⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        418⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        419⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        419⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        420⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        420⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        421⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        421⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        422⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        422⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        423⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        423⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        424⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        424⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        425⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        425⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        426⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        426⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        427⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        427⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        428⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        428⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        429⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        429⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        430⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        430⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        431⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        431⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        432⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        432⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        433⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        433⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        434⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        434⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        435⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        435⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        436⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        436⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        437⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        437⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        438⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        438⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        439⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        439⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        440⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        440⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        441⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        441⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        442⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        442⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        443⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        443⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        444⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        444⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        445⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        445⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        446⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        446⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        447⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        447⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        448⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        448⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        449⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        449⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        450⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        450⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        451⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        451⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        452⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        452⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        453⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        453⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        454⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        454⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        455⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        455⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        456⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        456⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        457⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        457⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        458⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        458⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        459⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        459⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        460⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        460⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        461⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        461⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        462⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        462⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        463⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        463⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        464⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        464⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        465⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        465⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        466⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        466⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        467⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        467⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        468⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        468⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        469⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        469⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        470⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        470⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        471⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        471⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        472⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        472⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        473⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        473⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        474⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        474⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        475⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        475⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        476⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        476⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        477⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        477⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        478⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        478⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        479⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        479⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        480⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        480⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        481⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        481⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        482⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        482⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        483⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        483⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        484⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        484⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        485⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        485⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        486⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        486⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        487⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        487⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        488⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        488⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        489⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        489⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        490⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        490⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        491⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        491⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        492⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        492⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        493⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        493⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        494⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        494⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        495⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        495⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        496⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        496⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        497⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        497⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        498⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        498⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        499⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        499⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        500⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        500⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        501⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        501⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        502⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        502⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        503⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        503⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        504⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        504⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        505⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        505⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        506⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        506⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        507⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        507⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        508⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        508⤵
        
        PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9tzWgOMOVbHRgmS

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
229KB

MD5
a635e377a579296af70e52f439465078

SHA1
68aff1bf9a48c1d8f326f9ee1d95a795c1b35c35

SHA256
11ca4440ffccc6e94fa1536d27eeafdceea8782202a56f3989b19f845d7864ac

SHA512
cef30f2e3385399c9659acb6938a68a46401b977cb84c1137cc18dd37009c61a91eeb473a65552bb5585af69ecfadd878db0a0f6bd24584153d9796a3e46db39

Download Submit
C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
27KB

MD5
20657e0f9e541a51a8660420b9cd96aa

SHA1
def635478f9d732d1cb94cfce77dbff55a1c019d

SHA256
9a908f306d5cee4830a6a12ad4dc8af932746e63edb0027227ada98c269980d1

SHA512
089eafedadeb913f884fdc7b61c8b8347398c8c07e465e2fead14d5fbcada8a7293c5c1d9e3c680c238c4bc083f006007354f5464cd7c32f1ef7b3fdb3c76877

Download Submit
C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
165KB

MD5
f26f3994209e754a2c3e5c59883cf552

SHA1
819b9f4d1e6f3dea3f6781ca81aab97f2329b522

SHA256
dd5cfde288220a7a9edd34629d11fc982e8e7af84556c14d5de5aa9249003e8a

SHA512
5a91d4d235abf195302d1c722f850054aa2b2028f0457381e8dee7125564571ee0a8a299448e71cf2fa042170032f211c0b1075bcc90722252839a1651c75fbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\V25L2ijttSDLCmG\Display\Display.png

Filesize
370KB

MD5
a1180c5cdc450a01ae37d65ed4ee7249

SHA1
216cc9662b0e34493b707dcd20b5ca6055282305

SHA256
019cd3891a74a6ab916265c4e8f11b21084c1fb0df8246f2e042ebe755f16666

SHA512
de411ecd26c6eee66caf035cbd85b4a5eba601b4e615cc9d354a2a11734c81c0fcff0780ea2c128f058a9fa92a0c0290135419c86f3d110b74f8c62a7e03b0bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\hgpYtSQyKwu8zEM

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\start.exe

Filesize
90KB

MD5
68c2328180ba77ac6add7364511e0efc

SHA1
7719d60e98189252142c7e2e390ebade9c94bb23

SHA256
434a8cd2dfc2c73b7cdb57da2167423542e6bf261b003ffa1fa938cb23dc1d0e

SHA512
184fb93f10740b52347c3db22645c81033890e69d46e52920446278e9458d65259ca4f7db07ef874bbf6e9a8884a581b8bfab34d5ede284f426324f5ff3049c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\start.exe

Filesize
110KB

MD5
cda6f4f753a883d4a41d3ed017eb9d46

SHA1
e209c9b11cdd1790ad57dcda865de7310724d0e2

SHA256
f6ab08e4ea7d8c0ccd9fc1bb505ab8a591408cb1e800c082c2e913640106275e

SHA512
be69c8210e1028ad0a1a3a2169db2f0a8b261bbcc20df0f3d46c28c5397ea07fdad4fcbee4c3f7d5ecb1232b29844c9060369032c3b3470de388c7100c5bace9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
557d6b03d72452fb5170a96bbff80197

SHA1
4df83164dfe688804098c563e17595c22c88ea89

SHA256
e474d5da888a46f3099e2f6c4a2baba5fea3d85692e9dc975fcdb9c8e3fe670d

SHA512
213a781c25ff53132ea412ce537c67f819ee385aea29ee6eed4fb10ee5dfc80ece5f508375e8bd7a8b19e01f9dd4670e1337c2d2e2d7eb194597d678a0da6e1a

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
577f27e6d74bd8c5b7b0371f2b1e991c

SHA1
b334ccfe13792f82b698960cceaee2e690b85528

SHA256
0ade9ef91b5283eceb17614dd47eb450a5a2a371c410232552ad80af4fbfd5f9

SHA512
944b09b6b9d7c760b0c5add40efd9a25197c22e302c3c7e6d3f4837825ae9ee73e8438fc2c93e268da791f32deb70874799b8398ebae962a9fc51c980c7a5f5c

Download Submit
\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
135KB

MD5
cd444966faec4acf74fbcf5552ca6ff1

SHA1
b43486bc2e4f574a2b3e12f91bcc5e18576d30fb

SHA256
7679a905edcc4892c200745217be3077396e84274bcdaa454de0153c989447e9

SHA512
b4d57a3548721c6ab179a3963bbff4d5eda28987e62996c3eefe15ee9277935d9a0f2c048e2379dc57ab8d13a236223836428179269b4a062c90bc1304d7b83a

Download Submit
\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
129KB

MD5
0dbf3760c913cbd04a324fefc2036d02

SHA1
8516325edec9cf9f5df8703ce4631a8c425c7176

SHA256
5cc3c2ba9dea6fd1cdc6f023ff00d20b23fc03efc74465db28c24923b241ee88

SHA512
e5c21d5564e87ec75acd70abc6595f4f0a48259bd58735f82a1fbdcbc11b6cb16d1dced9b2fe8d873c4ea8a2ec85706e34b3e4900f0012167285ee3410af008d

Download Submit
\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
223KB

MD5
4240205a0fd45af994a9402a3ab62f9c

SHA1
a8e81683bdd8ce1a343b0470572af7f111d9e270

SHA256
bfaf473f320d3c0a368e247ed8d290d5fcb4969de8232e4011db32c1848076e9

SHA512
b6f39be00802b51e07402072b80d1ddf88ef4dea48a5e5d8c5ee5238e04e2b328613721aad3fb0f17651e7097ebdb79053e8832ec526ce2d05cc8091bab01c83

Download Submit
\Users\Admin\AppData\Local\Temp\start.exe

Filesize
192KB

MD5
066f7f594bf6f254748bc19562dd1bc3

SHA1
313883f4a7fbfc3c60b153492aeefb927c5d5694

SHA256
9398c6385a5246fe4b86b0f247ddb8a93a9c326389dabef1b96bd65af09b360e

SHA512
04f0c82938dee7a790876ab39282c36eda0c6de11a337d93f728c07be6ff5997605c6a9bba886b94091c313795ee19bf96d65ca9ac1e1d62eeab7acd33b6afca

Download Submit
\Users\Admin\AppData\Local\Temp\start.exe

Filesize
103KB

MD5
af127cee9f364256849248ffd518bf43

SHA1
a7ee45dd73e30807a1b884aca1a5297d3133ead7

SHA256
769268b81640bd954998ad2e32cdbcfdd1fab2f1a72b9851db037c2b8ca47295

SHA512
532f01315c55b5cc0ce496046a22c359e97688c73ec79239f5402841dde61a6ebc1b813311e30656b7031ea3bcf70472de6f0101f7b0a3e1c562d425f4154909

Download Submit
\Users\Admin\AppData\Local\Temp\start.exe

Filesize
184KB

MD5
508d8dff2ac1ba49e27b0a71068b716a

SHA1
4096dc4c14c92031223c4308c2ec4f66b1fa8ad7

SHA256
7d0a7d6c9ba4cd287225e2dac17842bb4740b33e55b2e8f31f145759571450bb

SHA512
8df7ff4606786d452b2602caffd471561228717739ea16caa699db48e9fc32f5fc0abd34a8196eb7a692a4cd16bb707c18cf3f8d7b11c3772c90f502a110a61e

Download Submit
memory/272-47-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/736-145-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/932-111-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1056-98-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1104-78-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1480-128-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1480-65-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1524-118-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1524-46-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1540-115-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1596-124-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1608-108-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-93-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2096-122-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-126-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-55-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2448-27-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2448-49-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2464-142-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2480-150-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2520-127-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2556-22-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2556-50-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2564-141-0x000007FEEDEB0000-0x000007FEEE84D000-memory.dmp

Filesize
9.6MB

Download
memory/2564-138-0x000000001B180000-0x000000001B462000-memory.dmp

Filesize
2.9MB

Download
memory/2564-140-0x0000000002520000-0x0000000002528000-memory.dmp

Filesize
32KB

Download
memory/2564-143-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/2564-148-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/2564-149-0x0000000002910000-0x0000000002990000-memory.dmp

Filesize
512KB

Download
memory/2564-144-0x000007FEEDEB0000-0x000007FEEE84D000-memory.dmp

Filesize
9.6MB

Download
memory/2580-30-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2580-48-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2664-66-0x0000000002510000-0x0000000002590000-memory.dmp

Filesize
512KB

Download
memory/2664-139-0x0000000002510000-0x0000000002590000-memory.dmp

Filesize
512KB

Download
memory/2664-84-0x000007FEEDEB0000-0x000007FEEE84D000-memory.dmp

Filesize
9.6MB

Download
memory/2664-89-0x0000000002510000-0x0000000002590000-memory.dmp

Filesize
512KB

Download
memory/2664-85-0x0000000002510000-0x0000000002590000-memory.dmp

Filesize
512KB

Download
memory/2664-91-0x000007FEEDEB0000-0x000007FEEE84D000-memory.dmp

Filesize
9.6MB

Download
memory/2664-92-0x0000000002510000-0x0000000002590000-memory.dmp

Filesize
512KB

Download
memory/2664-73-0x0000000002410000-0x0000000002418000-memory.dmp

Filesize
32KB

Download
memory/2664-72-0x000000001B390000-0x000000001B672000-memory.dmp

Filesize
2.9MB

Download
memory/2688-129-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2768-71-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2892-119-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-35-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-45-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-13-0x0000000000360000-0x00000000003A0000-memory.dmp

Filesize
256KB

Download
memory/2912-83-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2984-123-0x000000001B280000-0x000000001B300000-memory.dmp

Filesize
512KB

Download
memory/2984-41-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2984-51-0x000000001B280000-0x000000001B300000-memory.dmp

Filesize
512KB

Download
memory/2984-114-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/3016-120-0x0000000002A00000-0x0000000002A80000-memory.dmp

Filesize
512KB

Download
memory/3016-106-0x000000001B340000-0x000000001B622000-memory.dmp

Filesize
2.9MB

Download
memory/3016-107-0x0000000002510000-0x0000000002518000-memory.dmp

Filesize
32KB

Download
memory/3016-109-0x0000000002A00000-0x0000000002A80000-memory.dmp

Filesize
512KB

Download
memory/3016-110-0x000007FEED510000-0x000007FEEDEAD000-memory.dmp

Filesize
9.6MB

Download
memory/3016-121-0x000007FEED510000-0x000007FEEDEAD000-memory.dmp

Filesize
9.6MB

Download
memory/3016-113-0x0000000002A00000-0x0000000002A80000-memory.dmp

Filesize
512KB

Download
memory/3016-116-0x000007FEED510000-0x000007FEEDEAD000-memory.dmp

Filesize
9.6MB

Download
memory/3016-112-0x0000000002A00000-0x0000000002A80000-memory.dmp

Filesize
512KB

Download
memory/3016-117-0x0000000002A00000-0x0000000002A80000-memory.dmp

Filesize
512KB

Download
memory/3052-38-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-44-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download