umbral | b9395c6223dd34cdd95dd5c298eb609a806b12f2f2bcf9b0932b47ab564ee591

Analysis

max time kernel
208s
max time network
1718s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

start.exe
Size

192KB
MD5

066f7f594bf6f254748bc19562dd1bc3
SHA1

313883f4a7fbfc3c60b153492aeefb927c5d5694
SHA256

9398c6385a5246fe4b86b0f247ddb8a93a9c326389dabef1b96bd65af09b360e
SHA512

04f0c82938dee7a790876ab39282c36eda0c6de11a337d93f728c07be6ff5997605c6a9bba886b94091c313795ee19bf96d65ca9ac1e1d62eeab7acd33b6afca
SSDEEP

6144:i0mlbUZ0lzEhoPkoaHOw4D/dB8H2HSZRw5:0aCESPkpHNi/bX

Score

10^/10

umbral spyware stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1218605453374914620/OdDYjKWd2x_sgrT_0JmzryiFvoGTz03pvb7F84neOCAte6YtS3TcUiq7-D1K38B9s0T8

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral7/files/0x000a0000000143fa-3.dat	family_umbral
behavioral7/memory/2472-17-0x00000000002B0000-0x00000000002F0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	NursultanStart.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	NursultanStart.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Process not Found
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Process not Found

Executes dropped EXE 64 IoCs

pid	Process
2176	NursultanStart.exe
2944	start.exe
2472	NursultanStart.exe
2576	start.exe
2496	start.exe
2724	NursultanStart.exe
2528	start.exe
2900	NursultanStart.exe
2504	start.exe
2384	NursultanStart.exe
2404	start.exe
2372	NursultanStart.exe
2972	start.exe
2804	NursultanStart.exe
632	start.exe
1852	NursultanStart.exe
1240	start.exe
888	NursultanStart.exe
1592	start.exe
2660	NursultanStart.exe
2152	start.exe
2248	NursultanStart.exe
2144	NursultanStart.exe
1580	start.exe
1648	NursultanStart.exe
780	start.exe
2040	start.exe
2044	NursultanStart.exe
2796	NursultanStart.exe
2912	start.exe
2200	NursultanStart.exe
1860	start.exe
1720	NursultanStart.exe
1916	start.exe
1952	NursultanStart.exe
3036	start.exe
1068	NursultanStart.exe
1576	start.exe
2340	NursultanStart.exe
1788	start.exe
656	NursultanStart.exe
2308	start.exe
3056	start.exe
2864	start.exe
2932	NursultanStart.exe
2952	start.exe
356	start.exe
552	start.exe
1312	start.exe
1108	NursultanStart.exe
3060	NursultanStart.exe
2236	start.exe
496	NursultanStart.exe
1496	NursultanStart.exe
952	NursultanStart.exe
936	NursultanStart.exe
804	NursultanStart.exe
772	start.exe
1080	start.exe
920	NursultanStart.exe
1904	NursultanStart.exe
1932	start.exe
992	NursultanStart.exe
2692	start.exe

Loads dropped DLL 64 IoCs

pid	Process
1040	start.exe
1040	start.exe
2944	start.exe
2944	start.exe
2576	start.exe
2576	start.exe
2496	start.exe
2496	start.exe
2528	start.exe
2528	start.exe
2504	start.exe
2504	start.exe
2404	start.exe
2404	start.exe
2972	start.exe
2972	start.exe
632	start.exe
632	start.exe
1240	start.exe
1240	start.exe
1592	start.exe
1592	start.exe
2152	start.exe
2152	start.exe
1580	start.exe
1580	start.exe
780	start.exe
780	start.exe
2040	start.exe
2040	start.exe
2912	start.exe
2912	start.exe
1860	start.exe
1860	start.exe
1916	start.exe
1916	start.exe
3036	start.exe
3036	start.exe
1576	start.exe
1576	start.exe
1788	start.exe
1788	start.exe
2308	start.exe
2308	start.exe
3056	start.exe
3056	start.exe
2864	start.exe
2864	start.exe
2952	start.exe
2952	start.exe
356	start.exe
356	start.exe
552	start.exe
552	start.exe
1312	start.exe
1312	start.exe
2236	start.exe
2236	start.exe
772	start.exe
772	start.exe
1080	start.exe
1080	start.exe
1932	start.exe
1932	start.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 28 IoCs

Web Service

T1102

flow	ioc
32	discord.com
69	discord.com
76	discord.com
63	discord.com
82	discord.com
12	discord.com
19	discord.com
51	discord.com
70	discord.com
87	discord.com
44	discord.com
81	discord.com
7	discord.com
33	discord.com
38	discord.com
64	discord.com
75	discord.com
18	discord.com
45	discord.com
57	discord.com
39	discord.com
88	discord.com
25	discord.com
26	discord.com
50	discord.com
6	discord.com
13	discord.com
56	discord.com

Looks up external IP address via web service 14 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
48	ip-api.com
54	ip-api.com
85	ip-api.com
36	ip-api.com
61	ip-api.com
73	ip-api.com
16	ip-api.com
10	ip-api.com
67	ip-api.com
79	ip-api.com
4	ip-api.com
30	ip-api.com
42	ip-api.com
23	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Detects videocard installed 1 TTPs 14 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
3384	wmic.exe
480	Process not Found
1352	Process not Found
3596	Process not Found
3108	wmic.exe
2964	Process not Found
3688	Process not Found
1216	Process not Found
3416	Process not Found
2696	Process not Found
3972	Process not Found
3032	Process not Found
3660	Process not Found
1080	Process not Found

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2688	powershell.exe
544	powershell.exe
3684	powershell.exe
1000	powershell.exe
1960	powershell.exe
2536	powershell.exe
892	powershell.exe
3340	powershell.exe
3636	powershell.exe
3940	powershell.exe
3940	Process not Found
3400	Process not Found
3216	Process not Found
1488	Process not Found
2308	Process not Found
2168	Process not Found
2116	Process not Found
2636	Process not Found
1448	Process not Found
3952	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2724	NursultanStart.exe
Token: SeDebugPrivilege	2688	powershell.exe
Token: SeDebugPrivilege	544	powershell.exe
Token: SeDebugPrivilege	3684	powershell.exe
Token: SeDebugPrivilege	1000	powershell.exe
Token: SeIncreaseQuotaPrivilege	3248	wmic.exe
Token: SeSecurityPrivilege	3248	wmic.exe
Token: SeTakeOwnershipPrivilege	3248	wmic.exe
Token: SeLoadDriverPrivilege	3248	wmic.exe
Token: SeSystemProfilePrivilege	3248	wmic.exe
Token: SeSystemtimePrivilege	3248	wmic.exe
Token: SeProfSingleProcessPrivilege	3248	wmic.exe
Token: SeIncBasePriorityPrivilege	3248	wmic.exe
Token: SeCreatePagefilePrivilege	3248	wmic.exe
Token: SeBackupPrivilege	3248	wmic.exe
Token: SeRestorePrivilege	3248	wmic.exe
Token: SeShutdownPrivilege	3248	wmic.exe
Token: SeDebugPrivilege	3248	wmic.exe
Token: SeSystemEnvironmentPrivilege	3248	wmic.exe
Token: SeRemoteShutdownPrivilege	3248	wmic.exe
Token: SeUndockPrivilege	3248	wmic.exe
Token: SeManageVolumePrivilege	3248	wmic.exe
Token: 33	3248	wmic.exe
Token: 34	3248	wmic.exe
Token: 35	3248	wmic.exe
Token: SeIncreaseQuotaPrivilege	3248	wmic.exe
Token: SeSecurityPrivilege	3248	wmic.exe
Token: SeTakeOwnershipPrivilege	3248	wmic.exe
Token: SeLoadDriverPrivilege	3248	wmic.exe
Token: SeSystemProfilePrivilege	3248	wmic.exe
Token: SeSystemtimePrivilege	3248	wmic.exe
Token: SeProfSingleProcessPrivilege	3248	wmic.exe
Token: SeIncBasePriorityPrivilege	3248	wmic.exe
Token: SeCreatePagefilePrivilege	3248	wmic.exe
Token: SeBackupPrivilege	3248	wmic.exe
Token: SeRestorePrivilege	3248	wmic.exe
Token: SeShutdownPrivilege	3248	wmic.exe
Token: SeDebugPrivilege	3248	wmic.exe
Token: SeSystemEnvironmentPrivilege	3248	wmic.exe
Token: SeRemoteShutdownPrivilege	3248	wmic.exe
Token: SeUndockPrivilege	3248	wmic.exe
Token: SeManageVolumePrivilege	3248	wmic.exe
Token: 33	3248	wmic.exe
Token: 34	3248	wmic.exe
Token: 35	3248	wmic.exe
Token: SeIncreaseQuotaPrivilege	3832	wmic.exe
Token: SeSecurityPrivilege	3832	wmic.exe
Token: SeTakeOwnershipPrivilege	3832	wmic.exe
Token: SeLoadDriverPrivilege	3832	wmic.exe
Token: SeSystemProfilePrivilege	3832	wmic.exe
Token: SeSystemtimePrivilege	3832	wmic.exe
Token: SeProfSingleProcessPrivilege	3832	wmic.exe
Token: SeIncBasePriorityPrivilege	3832	wmic.exe
Token: SeCreatePagefilePrivilege	3832	wmic.exe
Token: SeBackupPrivilege	3832	wmic.exe
Token: SeRestorePrivilege	3832	wmic.exe
Token: SeShutdownPrivilege	3832	wmic.exe
Token: SeDebugPrivilege	3832	wmic.exe
Token: SeSystemEnvironmentPrivilege	3832	wmic.exe
Token: SeRemoteShutdownPrivilege	3832	wmic.exe
Token: SeUndockPrivilege	3832	wmic.exe
Token: SeManageVolumePrivilege	3832	wmic.exe
Token: 33	3832	wmic.exe
Token: 34	3832	wmic.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2176	1040	start.exe	28
PID 1040 wrote to memory of 2176	1040	start.exe	28
PID 1040 wrote to memory of 2176	1040	start.exe	28
PID 1040 wrote to memory of 2176	1040	start.exe	28
PID 1040 wrote to memory of 2944	1040	start.exe	29
PID 1040 wrote to memory of 2944	1040	start.exe	29
PID 1040 wrote to memory of 2944	1040	start.exe	29
PID 1040 wrote to memory of 2944	1040	start.exe	29
PID 2944 wrote to memory of 2472	2944	start.exe	30
PID 2944 wrote to memory of 2472	2944	start.exe	30
PID 2944 wrote to memory of 2472	2944	start.exe	30
PID 2944 wrote to memory of 2472	2944	start.exe	30
PID 2944 wrote to memory of 2576	2944	start.exe	31
PID 2944 wrote to memory of 2576	2944	start.exe	31
PID 2944 wrote to memory of 2576	2944	start.exe	31
PID 2944 wrote to memory of 2576	2944	start.exe	31
PID 2576 wrote to memory of 2724	2576	start.exe	32
PID 2576 wrote to memory of 2724	2576	start.exe	32
PID 2576 wrote to memory of 2724	2576	start.exe	32
PID 2576 wrote to memory of 2724	2576	start.exe	32
PID 2576 wrote to memory of 2496	2576	start.exe	278
PID 2576 wrote to memory of 2496	2576	start.exe	278
PID 2576 wrote to memory of 2496	2576	start.exe	278
PID 2576 wrote to memory of 2496	2576	start.exe	278
PID 2496 wrote to memory of 2900	2496	start.exe	34
PID 2496 wrote to memory of 2900	2496	start.exe	34
PID 2496 wrote to memory of 2900	2496	start.exe	34
PID 2496 wrote to memory of 2900	2496	start.exe	34
PID 2496 wrote to memory of 2528	2496	start.exe	109
PID 2496 wrote to memory of 2528	2496	start.exe	109
PID 2496 wrote to memory of 2528	2496	start.exe	109
PID 2496 wrote to memory of 2528	2496	start.exe	109
PID 2528 wrote to memory of 2384	2528	start.exe	36
PID 2528 wrote to memory of 2384	2528	start.exe	36
PID 2528 wrote to memory of 2384	2528	start.exe	36
PID 2528 wrote to memory of 2384	2528	start.exe	36
PID 2528 wrote to memory of 2504	2528	start.exe	112
PID 2528 wrote to memory of 2504	2528	start.exe	112
PID 2528 wrote to memory of 2504	2528	start.exe	112
PID 2528 wrote to memory of 2504	2528	start.exe	112
PID 2504 wrote to memory of 2372	2504	start.exe	311
PID 2504 wrote to memory of 2372	2504	start.exe	311
PID 2504 wrote to memory of 2372	2504	start.exe	311
PID 2504 wrote to memory of 2372	2504	start.exe	311
PID 2504 wrote to memory of 2404	2504	start.exe	39
PID 2504 wrote to memory of 2404	2504	start.exe	39
PID 2504 wrote to memory of 2404	2504	start.exe	39
PID 2504 wrote to memory of 2404	2504	start.exe	39
PID 2404 wrote to memory of 2804	2404	start.exe	145
PID 2404 wrote to memory of 2804	2404	start.exe	145
PID 2404 wrote to memory of 2804	2404	start.exe	145
PID 2404 wrote to memory of 2804	2404	start.exe	145
PID 2404 wrote to memory of 2972	2404	start.exe	41
PID 2404 wrote to memory of 2972	2404	start.exe	41
PID 2404 wrote to memory of 2972	2404	start.exe	41
PID 2404 wrote to memory of 2972	2404	start.exe	41
PID 2972 wrote to memory of 1852	2972	start.exe	42
PID 2972 wrote to memory of 1852	2972	start.exe	42
PID 2972 wrote to memory of 1852	2972	start.exe	42
PID 2972 wrote to memory of 1852	2972	start.exe	42
PID 2972 wrote to memory of 632	2972	start.exe	299
PID 2972 wrote to memory of 632	2972	start.exe	299
PID 2972 wrote to memory of 632	2972	start.exe	299
PID 2972 wrote to memory of 632	2972	start.exe	299

C:\Users\Admin\AppData\Local\Temp\start.exe
"C:\Users\Admin\AppData\Local\Temp\start.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
  "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\start.exe
  "C:\Users\Admin\AppData\Local\Temp\start.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
    "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
    3⤵
    - Executes dropped EXE
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\start.exe
    "C:\Users\Admin\AppData\Local\Temp\start.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
      "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2724
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe'
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2688
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:544
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3684
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1000
    - - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3248
    - - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3832
    - - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        5⤵
        
        PID:3144
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1960
    - - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\start.exe
      "C:\Users\Admin\AppData\Local\Temp\start.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        5⤵
        Executes dropped EXE
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        6⤵
        Executes dropped EXE
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        7⤵
        Executes dropped EXE
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        8⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        9⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        10⤵
        Executes dropped EXE
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        11⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        12⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        13⤵
        Executes dropped EXE
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        14⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        15⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        16⤵
        Executes dropped EXE
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        17⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        18⤵
        Executes dropped EXE
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        19⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        20⤵
        Executes dropped EXE
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        21⤵
        Executes dropped EXE
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        22⤵
        Executes dropped EXE
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        23⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        24⤵
        Executes dropped EXE
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        25⤵
        Executes dropped EXE
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        26⤵
        Executes dropped EXE
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        27⤵
        Executes dropped EXE
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        28⤵
        Executes dropped EXE
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        29⤵
        Executes dropped EXE
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        30⤵
        Executes dropped EXE
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        31⤵
        Executes dropped EXE
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        32⤵
        Executes dropped EXE
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        33⤵
        Executes dropped EXE
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        33⤵
        Executes dropped EXE
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        34⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        34⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        35⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        35⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        36⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        36⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        37⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        37⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        38⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        38⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        39⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        39⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        40⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        40⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        41⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        41⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        42⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        42⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        43⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        43⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        44⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        44⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        45⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        45⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        46⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        46⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        47⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        47⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        48⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        48⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        49⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        49⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        50⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        50⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        51⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        51⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        52⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        52⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        53⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        53⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        54⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        54⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        55⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        55⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        56⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        56⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        57⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        57⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        58⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        58⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        59⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        59⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        60⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        60⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        61⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        61⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        62⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        62⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        63⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        63⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        64⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        64⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        65⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        65⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        66⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        66⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        67⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        67⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        68⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        68⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        69⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        69⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        70⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        70⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        71⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        71⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        72⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        72⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        73⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        73⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        74⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        74⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        75⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        75⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        76⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        76⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        77⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        77⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        78⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        78⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        79⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        79⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        80⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        80⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        81⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        81⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        82⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        82⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        83⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        83⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        84⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        84⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        85⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        85⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        86⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        86⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        87⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        87⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        88⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        88⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        89⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        89⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        90⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        90⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        91⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        91⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        92⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        92⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        93⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        93⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        94⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        94⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        95⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        95⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        96⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        96⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        97⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        97⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        98⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        98⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        99⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        99⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        100⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        100⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        101⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        101⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        102⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        102⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        103⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        103⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        104⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        104⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        105⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        105⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        106⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        106⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        107⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        107⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        108⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        108⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        109⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        109⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        110⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        110⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        111⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        111⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        112⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        112⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        113⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        113⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        114⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        114⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        115⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        115⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        116⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        116⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        117⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        117⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        118⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        118⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        119⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        119⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        120⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        120⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        121⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        121⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        122⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        122⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        123⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        123⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        124⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        124⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        125⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        125⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        126⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        126⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        127⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        127⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        128⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        128⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        129⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        129⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        130⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        130⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        131⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        131⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        132⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        132⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        133⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        133⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        134⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        134⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        135⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        135⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        136⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        136⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        137⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        137⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        138⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        138⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        139⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        139⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        140⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        140⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        141⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        141⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        142⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        142⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        143⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        143⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        144⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        144⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        145⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        145⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        146⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        146⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        147⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        147⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        148⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        148⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        149⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        149⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        150⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        150⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        151⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        151⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        152⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        152⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        153⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        153⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        154⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        154⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        155⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        155⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        156⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        156⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        157⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        157⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        158⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        158⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        159⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        159⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        160⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        160⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        161⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        161⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        162⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        162⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        163⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        163⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        164⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        164⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        165⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        165⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        166⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        166⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        167⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        167⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        168⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        168⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        169⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        169⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        170⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        170⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        171⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        171⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        172⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        172⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        173⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        173⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        174⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        174⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        175⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        175⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        176⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        176⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        177⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        177⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        178⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        178⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        179⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        179⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        180⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        180⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        181⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        181⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        182⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        182⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        183⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        183⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        184⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        184⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        185⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        185⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        186⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        186⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        187⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        187⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        188⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        188⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        189⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        189⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        190⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        190⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        191⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        191⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        192⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        192⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        193⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        193⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        194⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        194⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        195⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        195⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        196⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        196⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        197⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        197⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        198⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        198⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        199⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        199⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        200⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        200⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        201⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        201⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        202⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        202⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        203⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        203⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        204⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        204⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        205⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        205⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        206⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        206⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        207⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        207⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        208⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        208⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        209⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        209⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        210⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        210⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        211⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        211⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        212⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        212⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        213⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        213⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        214⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        214⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        215⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        215⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        216⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        216⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        217⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        217⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        218⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        218⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        219⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        219⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        220⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        220⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        221⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        221⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        222⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        222⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        223⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        223⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        224⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        224⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        225⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        225⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        226⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        226⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        227⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        227⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        228⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        228⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        229⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        229⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        230⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        230⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        231⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        231⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        232⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        232⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        233⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        233⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        234⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        234⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        235⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        235⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        236⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        236⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        237⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        237⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        238⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        238⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        239⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        239⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        240⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        240⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        241⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        241⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        242⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        242⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        243⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        243⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        244⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        244⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        245⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        245⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        246⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        246⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        247⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        247⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        248⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        248⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        249⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        249⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        250⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        250⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        251⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        251⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        252⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        252⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        253⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        253⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        254⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        254⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        255⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        255⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        256⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        256⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        257⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        257⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        258⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        258⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        259⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        259⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        260⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        260⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        261⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        261⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        262⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        262⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        263⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        263⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        264⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        264⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        265⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        265⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        266⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        266⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        267⤵
        Drops file in Drivers directory
        
        PID:3884
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe'
        268⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2536
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        268⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:892
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        268⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3340
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        268⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3636
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        268⤵
        
        PID:2880
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        268⤵
        
        PID:3504
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        268⤵
        
        PID:1512
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        268⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3940
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        268⤵
        Detects videocard installed
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        267⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        268⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        268⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        269⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        269⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        270⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        270⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        271⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        271⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        272⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        272⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        273⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        273⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        274⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        274⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        275⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        275⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        276⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        276⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        277⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        277⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        278⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        278⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        279⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        279⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        280⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        280⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        281⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        281⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        282⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        282⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        283⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        283⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        284⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        284⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        285⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        285⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        286⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        286⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        287⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        287⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        288⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        288⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        289⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        289⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        290⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        290⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        291⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        291⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        292⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        292⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        293⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        293⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        294⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        294⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        295⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        295⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        296⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        296⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        297⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        297⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        298⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        298⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        299⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        299⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        300⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        300⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        301⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        301⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        302⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        302⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        303⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        303⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        304⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        304⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        305⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        305⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        306⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        306⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        307⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        307⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        308⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        308⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        309⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        309⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        310⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        310⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        311⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        311⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        312⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        312⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        313⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        313⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        314⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        314⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        315⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        315⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        316⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        316⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        317⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        317⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        318⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        318⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        319⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        319⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        320⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        320⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        321⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        321⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        322⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        322⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        323⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        323⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        324⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        324⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        325⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        325⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        326⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        326⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        327⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        327⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        328⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        328⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        329⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        329⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        330⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        330⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        331⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        331⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        332⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        332⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        333⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        333⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        334⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        334⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        335⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        335⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        336⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        336⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        337⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        337⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        338⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        338⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        339⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        339⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        340⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        340⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        341⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        341⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        342⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        342⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        343⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        343⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        344⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        344⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        345⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        345⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        346⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        346⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        347⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        347⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        348⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        348⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        349⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        349⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        350⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        350⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        351⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        351⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        352⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        352⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        353⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        353⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        354⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        354⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        355⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        355⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        356⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        356⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        357⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        357⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        358⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        358⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        359⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        359⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        360⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        360⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        361⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        361⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        362⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        362⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        363⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        363⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        364⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        364⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        365⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        365⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        366⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        366⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        367⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        367⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        368⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        368⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        369⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        369⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        370⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        370⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        371⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        371⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        372⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        372⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        373⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        373⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        374⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        374⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        375⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        375⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        376⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        376⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        377⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        377⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        378⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        378⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        379⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        379⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        380⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        380⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        381⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        381⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        382⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        382⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        383⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        383⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        384⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        384⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        385⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        385⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        386⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        386⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        387⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        387⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        388⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        388⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        389⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        389⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        390⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        390⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        391⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        391⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        392⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        392⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        393⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        393⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        394⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        394⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        395⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        395⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        396⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        396⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        397⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        397⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        398⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        398⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        399⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        399⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        400⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        400⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        401⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        401⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        402⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        402⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        403⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        403⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        404⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        404⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        405⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        405⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        406⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        406⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        407⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        407⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        408⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        408⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        409⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        409⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        410⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        410⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        411⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        411⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        412⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        412⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        413⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        413⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        414⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        414⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        415⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        415⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        416⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        416⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        417⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        417⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        418⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        418⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        419⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        419⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        420⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        420⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        421⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        421⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        422⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        422⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        423⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        423⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        424⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        424⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        425⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        425⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        426⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        426⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        427⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        427⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        428⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        428⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        429⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        429⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        430⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        430⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        431⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        431⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        432⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        432⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        433⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        433⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        434⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        434⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        435⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        435⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        436⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        436⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        437⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        437⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        438⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        438⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        439⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        439⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        440⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        440⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        441⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        441⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        442⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        442⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        443⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        443⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        444⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        444⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        445⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        445⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        446⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        446⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        447⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        447⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        448⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        448⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        449⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        449⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        450⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        450⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        451⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        451⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        452⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        452⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        453⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        453⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        454⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        454⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        455⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        455⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        456⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        456⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        457⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        457⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        458⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        458⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        459⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        459⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        460⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        460⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        461⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        461⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        462⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        462⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        463⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        463⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        464⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        464⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        465⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        465⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        466⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        466⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        467⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        467⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        468⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        468⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        469⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        469⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        470⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        470⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        471⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        471⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        472⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        472⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        473⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        473⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        474⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        474⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        475⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        475⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        476⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        476⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        477⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        477⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        478⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        478⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        479⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        479⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        480⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        480⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        481⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        481⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        482⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        482⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        483⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        483⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        484⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        484⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        485⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        485⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        486⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        486⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        487⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        487⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        488⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        488⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        489⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        489⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        490⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        490⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        491⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        491⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        492⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        492⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        493⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        493⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        494⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        494⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        495⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        495⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        496⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        496⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        497⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        497⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        498⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        498⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        499⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        499⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NursultanStart.exe"
        500⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\start.exe
        
        "C:\Users\Admin\AppData\Local\Temp\start.exe"
        500⤵
        
        PID:3060

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15202173341182920413-13561380211155353220-1495277208-4364607061394017909-1260870818"
1⤵
PID:1252

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:3352

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "358987782-1714317340-946089308-210917931411341098882175891011944387565830026665"
1⤵
PID:2420

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1602323553-2120145662538983052417121133-2091658861-20014876261821155709-334583870"
1⤵
PID:308

C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
1⤵
PID:4044

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
1⤵
PID:1672

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "961733391-683729216-1491850675-20200993931717341485229385642591289023569438528"
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CYOGDlLBkqNc112\Display\Display.png

Filesize
313KB

MD5
3e19801b4dd2d125fb256e297adb6434

SHA1
ca02a789001287ebfcb5718582a45462f2d8e07d

SHA256
f01ec2cd2b1774ffb35abdd895b63384ea41216b39aca3c814b00ae893bf2336

SHA512
328e19af14bf3ec5c343cb8c2af19bfa6b85fc2cf07108b132f80ef9062354c75f128a858b8e6d736b884a86124697ef648d5d61a3f02be3cd61044e6787c9b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\I86KeuSLNVd0dvq

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\wRuvRvHJPbqWdbd

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BI006B6LCR2YFL8MV04D.temp

Filesize
7KB

MD5
6bf598bb65407cbd39965c6bb1fafa80

SHA1
58b16914fd9ae726ab60d95bdf7429c368b34ec4

SHA256
a0ea53f73c682e5e7b1b494b5abe38ba4b9bd32b6123316f42aa24dcf800de3f

SHA512
607924744ac52b369247f399be3923ce3fac4baa3de00b91a859ab3b00539b3d131d649c17ca40a4d145f201d7890bb7226afae44f277c2e3111cfe7b03cd918

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
577f27e6d74bd8c5b7b0371f2b1e991c

SHA1
b334ccfe13792f82b698960cceaee2e690b85528

SHA256
0ade9ef91b5283eceb17614dd47eb450a5a2a371c410232552ad80af4fbfd5f9

SHA512
944b09b6b9d7c760b0c5add40efd9a25197c22e302c3c7e6d3f4837825ae9ee73e8438fc2c93e268da791f32deb70874799b8398ebae962a9fc51c980c7a5f5c

Download Submit
\Users\Admin\AppData\Local\Temp\NursultanStart.exe

Filesize
229KB

MD5
a635e377a579296af70e52f439465078

SHA1
68aff1bf9a48c1d8f326f9ee1d95a795c1b35c35

SHA256
11ca4440ffccc6e94fa1536d27eeafdceea8782202a56f3989b19f845d7864ac

SHA512
cef30f2e3385399c9659acb6938a68a46401b977cb84c1137cc18dd37009c61a91eeb473a65552bb5585af69ecfadd878db0a0f6bd24584153d9796a3e46db39

Download Submit
\Users\Admin\AppData\Local\Temp\start.exe

Filesize
192KB

MD5
066f7f594bf6f254748bc19562dd1bc3

SHA1
313883f4a7fbfc3c60b153492aeefb927c5d5694

SHA256
9398c6385a5246fe4b86b0f247ddb8a93a9c326389dabef1b96bd65af09b360e

SHA512
04f0c82938dee7a790876ab39282c36eda0c6de11a337d93f728c07be6ff5997605c6a9bba886b94091c313795ee19bf96d65ca9ac1e1d62eeab7acd33b6afca

Download Submit
memory/300-136-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/496-101-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/544-123-0x0000000002D60000-0x0000000002DE0000-memory.dmp

Filesize
512KB

Download
memory/544-120-0x000007FEED960000-0x000007FEEE2FD000-memory.dmp

Filesize
9.6MB

Download
memory/544-116-0x000000001B6B0000-0x000000001B992000-memory.dmp

Filesize
2.9MB

Download
memory/544-117-0x00000000022D0000-0x00000000022D8000-memory.dmp

Filesize
32KB

Download
memory/544-122-0x000007FEED960000-0x000007FEEE2FD000-memory.dmp

Filesize
9.6MB

Download
memory/544-121-0x0000000002D60000-0x0000000002DE0000-memory.dmp

Filesize
512KB

Download
memory/656-91-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/804-102-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/888-70-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/908-134-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/920-108-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/936-97-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/952-98-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/992-128-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1068-99-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1108-88-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1108-106-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1496-90-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1532-126-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1564-127-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1576-129-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1648-83-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1720-86-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1852-73-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1904-124-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1904-111-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1952-100-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/1972-125-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2044-82-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2108-130-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2144-81-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2176-118-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2176-45-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2196-131-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2200-85-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2248-80-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2340-96-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-72-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2384-74-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2392-138-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2396-139-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2440-132-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2472-17-0x00000000002B0000-0x00000000002F0000-memory.dmp

Filesize
256KB

Download
memory/2472-78-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2660-71-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2688-104-0x000000001B690000-0x000000001B972000-memory.dmp

Filesize
2.9MB

Download
memory/2688-107-0x0000000002B14000-0x0000000002B17000-memory.dmp

Filesize
12KB

Download
memory/2688-109-0x0000000002B1B000-0x0000000002B82000-memory.dmp

Filesize
412KB

Download
memory/2688-110-0x000007FEEE300000-0x000007FEEEC9D000-memory.dmp

Filesize
9.6MB

Download
memory/2688-105-0x0000000001F70000-0x0000000001F78000-memory.dmp

Filesize
32KB

Download
memory/2716-137-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2724-76-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2724-79-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download
memory/2724-119-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2796-84-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2804-75-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2808-135-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2836-133-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2900-77-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2932-87-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/2932-103-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download
memory/3060-89-0x000007FEF5A10000-0x000007FEF63FC000-memory.dmp

Filesize
9.9MB

Download