zgrat | 872a2f4decf76a5c8cf44a9b017a780847d8b3c50571433232e398ab0931c638

Analysis

max time kernel
685s
max time network
713s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nursultan 1.16.5 Crack.exe
Size

8.7MB
MD5

57ec49d438753f3bdfec6a616258b370
SHA1

a34f757f5f2bd4763f04206c0d0cd32ab4491117
SHA256

872a2f4decf76a5c8cf44a9b017a780847d8b3c50571433232e398ab0931c638
SHA512

88bdae1b6a45efa83c4a9ff28a4549c33db28ba2bb1d1911d028090e9dc3831ef57f6577388844a4cfccc60dbca70315a7f9d7311f6638bcf00da97110e1c64a
SSDEEP

196608:ITAJDpNk+Rl4/Xi/yRvyCyKuhBfldGdrmVLaY1rHgu:oAlzJ7yRvyCx+xpgu

Score

10^/10

zgrat persistence ransomware rat spyware stealer upx

Malware Config

Signatures

Detect ZGRat V1 7 IoCs

resource	yara_rule
behavioral1/files/0x00080000000141b5-23.dat	family_zgrat_v1
behavioral1/memory/4992-163-0x0000000000260000-0x00000000005EE000-memory.dmp	family_zgrat_v1
behavioral1/files/0x0006000000015362-239.dat	family_zgrat_v1
behavioral1/memory/9408-388-0x0000000000AD0000-0x0000000000E5E000-memory.dmp	family_zgrat_v1
behavioral1/memory/7672-1953-0x0000000001370000-0x00000000016FE000-memory.dmp	family_zgrat_v1
behavioral1/memory/10456-4205-0x0000000000DC0000-0x000000000114E000-memory.dmp	family_zgrat_v1
behavioral1/memory/8708-4487-0x00000000011D0000-0x000000000155E000-memory.dmp	family_zgrat_v1

Modifies WinLogon for persistence 2 TTPs 6 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\", \"C:\\Users\\Default User\\wscript.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\", \"C:\\Users\\Default User\\wscript.exe\", \"C:\\Users\\Admin\\wscript.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\", \"C:\\Users\\Default User\\wscript.exe\", \"C:\\Users\\Admin\\wscript.exe\", \"C:\\Windows\\Microsoft.NET\\authman\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\", \"C:\\Users\\Default User\\wscript.exe\", \"C:\\Users\\Admin\\wscript.exe\", \"C:\\Windows\\Microsoft.NET\\authman\\3b73a6fa2092a350d795.exe\", \"C:\\Program Files (x86)\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\", \"C:\\Users\\Default User\\wscript.exe\", \"C:\\Users\\Admin\\wscript.exe\", \"C:\\Windows\\Microsoft.NET\\authman\\3b73a6fa2092a350d795.exe\", \"C:\\Program Files (x86)\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\3b73a6fa2092a350d795.exe\", \"C:\\Webnet\\portmonitor.exe\""	portmonitor.exe

Process spawned unexpected child process 11 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	612	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2708	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2944	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3912	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4084	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	7004	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	2508	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3648	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	6204	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	3816	1948	schtasks.exe	695
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	796	1948	WScript.exe	695

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 64 IoCs

pid	Process
2416	Nursultan 1.16.5 Crack.exe
2768	leetcrack.exe
2596	3b73a6fa2092a350d795.exe
2944	Nursultan 1.16.5 Crack.exe
2648	portmonitor.exe
2728	leetcrack.exe
2316	leetcrack.exe
2752	Nursultan 1.16.5 Crack.exe
2536	portmonitor.exe
2504	portmonitor.exe
2628	3b73a6fa2092a350d795.exe
2688	3b73a6fa2092a350d795.exe
2072	Nursultan 1.16.5 Crack.exe
2844	Nursultan 1.16.5 Crack.exe
2860	Nursultan 1.16.5 Crack.exe
2560	Nursultan 1.16.5 Crack.exe
1536	Nursultan 1.16.5 Crack.exe
1592	Nursultan 1.16.5 Crack.exe
1704	Nursultan 1.16.5 Crack.exe
2888	leetcrack.exe
992	Nursultan 1.16.5 Crack.exe
2156	Nursultan 1.16.5 Crack.exe
2824	leetcrack.exe
2964	leetcrack.exe
336	leetcrack.exe
1968	3b73a6fa2092a350d795.exe
740	leetcrack.exe
2832	leetcrack.exe
2088	leetcrack.exe
2332	leetcrack.exe
996	leetcrack.exe
1036	portmonitor.exe
1648	3b73a6fa2092a350d795.exe
1688	3b73a6fa2092a350d795.exe
656	portmonitor.exe
108	3b73a6fa2092a350d795.exe
588	3b73a6fa2092a350d795.exe
3004	portmonitor.exe
1804	portmonitor.exe
1152	portmonitor.exe
2120	3b73a6fa2092a350d795.exe
2304	3b73a6fa2092a350d795.exe
1980	3b73a6fa2092a350d795.exe
1388	3b73a6fa2092a350d795.exe
2288	portmonitor.exe
2428	portmonitor.exe
680	portmonitor.exe
1812	portmonitor.exe
2576	Nursultan 1.16.5 Crack.exe
1244	leetcrack.exe
1956	Nursultan 1.16.5 Crack.exe
2188	3b73a6fa2092a350d795.exe
2916	leetcrack.exe
1984	portmonitor.exe
2744	3b73a6fa2092a350d795.exe
2708	portmonitor.exe
2500	Nursultan 1.16.5 Crack.exe
1796	leetcrack.exe
2000	Nursultan 1.16.5 Crack.exe
1852	leetcrack.exe
2800	3b73a6fa2092a350d795.exe
3068	portmonitor.exe
2316	Nursultan 1.16.5 Crack.exe
2072	3b73a6fa2092a350d795.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	Nursultan 1.16.5 Crack.exe
2248	Nursultan 1.16.5 Crack.exe
2248	Nursultan 1.16.5 Crack.exe
2768	leetcrack.exe
2416	Nursultan 1.16.5 Crack.exe
2768	leetcrack.exe
2416	Nursultan 1.16.5 Crack.exe
2416	Nursultan 1.16.5 Crack.exe
2944	Nursultan 1.16.5 Crack.exe
2944	Nursultan 1.16.5 Crack.exe
2944	Nursultan 1.16.5 Crack.exe
2728	leetcrack.exe
2728	leetcrack.exe
2316	leetcrack.exe
2316	leetcrack.exe
2752	Nursultan 1.16.5 Crack.exe
2072	Nursultan 1.16.5 Crack.exe
2072	Nursultan 1.16.5 Crack.exe
2844	Nursultan 1.16.5 Crack.exe
2860	Nursultan 1.16.5 Crack.exe
2560	Nursultan 1.16.5 Crack.exe
1536	Nursultan 1.16.5 Crack.exe
1592	Nursultan 1.16.5 Crack.exe
2072	Nursultan 1.16.5 Crack.exe
2752	Nursultan 1.16.5 Crack.exe
1704	Nursultan 1.16.5 Crack.exe
992	Nursultan 1.16.5 Crack.exe
2888	leetcrack.exe
2844	Nursultan 1.16.5 Crack.exe
2860	Nursultan 1.16.5 Crack.exe
2560	Nursultan 1.16.5 Crack.exe
1592	Nursultan 1.16.5 Crack.exe
2752	Nursultan 1.16.5 Crack.exe
1536	Nursultan 1.16.5 Crack.exe
2844	Nursultan 1.16.5 Crack.exe
1592	Nursultan 1.16.5 Crack.exe
2860	Nursultan 1.16.5 Crack.exe
992	Nursultan 1.16.5 Crack.exe
992	Nursultan 1.16.5 Crack.exe
2560	Nursultan 1.16.5 Crack.exe
1536	Nursultan 1.16.5 Crack.exe
1704	Nursultan 1.16.5 Crack.exe
1704	Nursultan 1.16.5 Crack.exe
2888	leetcrack.exe
336	leetcrack.exe
2824	leetcrack.exe
2964	leetcrack.exe
336	leetcrack.exe
2824	leetcrack.exe
2964	leetcrack.exe
740	leetcrack.exe
740	leetcrack.exe
2832	leetcrack.exe
2832	leetcrack.exe
2088	leetcrack.exe
2088	leetcrack.exe
2332	leetcrack.exe
2332	leetcrack.exe
996	leetcrack.exe
996	leetcrack.exe
2156	Nursultan 1.16.5 Crack.exe
2156	Nursultan 1.16.5 Crack.exe
2156	Nursultan 1.16.5 Crack.exe
1244	leetcrack.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0033000000013f21-20.dat	upx
behavioral1/memory/2596-27-0x000000013F0D0000-0x000000013FCFA000-memory.dmp	upx

Adds Run key to start application 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3b73a6fa2092a350d795 = "\"C:\\Program Files (x86)\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\3b73a6fa2092a350d795 = "\"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wscript = "\"C:\\Users\\Default User\\wscript.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wscript = "\"C:\\Users\\Admin\\wscript.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\3b73a6fa2092a350d795 = "\"C:\\Program Files (x86)\\Microsoft SQL Server Compact Edition\\v3.5\\Desktop\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3b73a6fa2092a350d795 = "\"C:\\Windows\\Microsoft.NET\\authman\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\portmonitor = "\"C:\\Webnet\\portmonitor.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\portmonitor = "\"C:\\Webnet\\portmonitor.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3b73a6fa2092a350d795 = "\"C:\\Program Files (x86)\\Windows Mail\\it-IT\\3b73a6fa2092a350d795.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wscript = "\"C:\\Users\\Default User\\wscript.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\wscript = "\"C:\\Users\\Admin\\wscript.exe\""	portmonitor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\3b73a6fa2092a350d795 = "\"C:\\Windows\\Microsoft.NET\\authman\\3b73a6fa2092a350d795.exe\""	portmonitor.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\tcszo9.exe	csc.exe
File created	\??\c:\Windows\System32\CSCD40F2ABD9C924CABA4948A6323DA6738.TMP	csc.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b1397aec-340d-407f-84b7-c108cf849afa.bmp"	Process not Found

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\3b73a6fa2092a350d795.exe	portmonitor.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\3b73a6fa2092a350d795.exe	portmonitor.exe
File created	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\5edc5a7018482e	portmonitor.exe
File created	C:\Program Files (x86)\Windows Mail\it-IT\3b73a6fa2092a350d795.exe	portmonitor.exe
File created	C:\Program Files (x86)\Windows Mail\it-IT\5edc5a7018482e	portmonitor.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\authman\3b73a6fa2092a350d795.exe	portmonitor.exe
File created	C:\Windows\Microsoft.NET\authman\5edc5a7018482e	portmonitor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 18 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
7004	schtasks.exe
6056	schtasks.exe
2508	schtasks.exe
3816	schtasks.exe
5720	schtasks.exe
4916	schtasks.exe
3912	schtasks.exe
4084	schtasks.exe
3648	schtasks.exe
6204	schtasks.exe
612	schtasks.exe
2708	schtasks.exe
3500	schtasks.exe
5592	schtasks.exe
4884	schtasks.exe
5592	schtasks.exe
2944	schtasks.exe
3240	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Process not Found

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\Desktop\WallpaperStyle = "2"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\Desktop\TileWallpaper = "0"	Process not Found

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4628	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe
4776	portmonitor.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
7672	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5064	portmonitor.exe
Token: SeDebugPrivilege	5572	portmonitor.exe
Token: SeDebugPrivilege	5436	portmonitor.exe
Token: SeDebugPrivilege	4776	portmonitor.exe
Token: SeDebugPrivilege	4992	portmonitor.exe
Token: SeDebugPrivilege	5536	portmonitor.exe
Token: SeDebugPrivilege	5448	portmonitor.exe
Token: SeDebugPrivilege	5748	portmonitor.exe
Token: SeDebugPrivilege	5996	portmonitor.exe
Token: SeDebugPrivilege	6052	portmonitor.exe
Token: SeDebugPrivilege	6112	portmonitor.exe
Token: SeDebugPrivilege	328	portmonitor.exe
Token: SeDebugPrivilege	2076	portmonitor.exe
Token: SeDebugPrivilege	1928	portmonitor.exe
Token: SeDebugPrivilege	5916	portmonitor.exe
Token: SeDebugPrivilege	5308	portmonitor.exe
Token: SeDebugPrivilege	2292	portmonitor.exe
Token: SeDebugPrivilege	320	portmonitor.exe
Token: SeDebugPrivilege	2144	portmonitor.exe
Token: SeDebugPrivilege	5820	portmonitor.exe
Token: SeDebugPrivilege	2604	portmonitor.exe
Token: SeDebugPrivilege	6328	portmonitor.exe
Token: SeDebugPrivilege	6336	portmonitor.exe
Token: SeDebugPrivilege	6428	portmonitor.exe
Token: SeDebugPrivilege	6768	portmonitor.exe
Token: SeDebugPrivilege	6648	portmonitor.exe
Token: SeDebugPrivilege	6604	portmonitor.exe
Token: SeDebugPrivilege	6728	portmonitor.exe
Token: SeDebugPrivilege	6916	portmonitor.exe
Token: SeDebugPrivilege	6932	portmonitor.exe
Token: SeDebugPrivilege	6900	portmonitor.exe
Token: SeDebugPrivilege	6924	portmonitor.exe
Token: SeDebugPrivilege	6908	portmonitor.exe
Token: SeDebugPrivilege	6892	portmonitor.exe
Token: SeDebugPrivilege	6220	portmonitor.exe
Token: SeDebugPrivilege	324	portmonitor.exe
Token: SeDebugPrivilege	6156	portmonitor.exe
Token: SeDebugPrivilege	6356	portmonitor.exe
Token: SeDebugPrivilege	2156	portmonitor.exe
Token: SeDebugPrivilege	3332	portmonitor.exe
Token: SeDebugPrivilege	5816	portmonitor.exe
Token: SeDebugPrivilege	1644	portmonitor.exe
Token: SeDebugPrivilege	580	portmonitor.exe
Token: SeDebugPrivilege	1744	portmonitor.exe
Token: SeDebugPrivilege	9408	Process not Found
Token: SeDebugPrivilege	7068	portmonitor.exe
Token: SeDebugPrivilege	3648	portmonitor.exe
Token: SeDebugPrivilege	3440	portmonitor.exe
Token: SeDebugPrivilege	5696	portmonitor.exe
Token: SeDebugPrivilege	2372	portmonitor.exe
Token: SeDebugPrivilege	5744	portmonitor.exe
Token: SeDebugPrivilege	4468	portmonitor.exe
Token: SeDebugPrivilege	4952	portmonitor.exe
Token: SeDebugPrivilege	7516	portmonitor.exe
Token: SeDebugPrivilege	7408	portmonitor.exe
Token: SeDebugPrivilege	5408	portmonitor.exe
Token: SeDebugPrivilege	3852	portmonitor.exe
Token: SeDebugPrivilege	5992	portmonitor.exe
Token: SeDebugPrivilege	6048	portmonitor.exe
Token: SeDebugPrivilege	5852	portmonitor.exe
Token: SeDebugPrivilege	7912	portmonitor.exe
Token: SeDebugPrivilege	4760	portmonitor.exe
Token: SeDebugPrivilege	2552	portmonitor.exe
Token: SeDebugPrivilege	6340	Process not Found

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
9676	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found
6236	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2416	2248	Nursultan 1.16.5 Crack.exe	893
PID 2248 wrote to memory of 2416	2248	Nursultan 1.16.5 Crack.exe	893
PID 2248 wrote to memory of 2416	2248	Nursultan 1.16.5 Crack.exe	893
PID 2248 wrote to memory of 2416	2248	Nursultan 1.16.5 Crack.exe	893
PID 2248 wrote to memory of 2768	2248	Nursultan 1.16.5 Crack.exe	214
PID 2248 wrote to memory of 2768	2248	Nursultan 1.16.5 Crack.exe	214
PID 2248 wrote to memory of 2768	2248	Nursultan 1.16.5 Crack.exe	214
PID 2248 wrote to memory of 2768	2248	Nursultan 1.16.5 Crack.exe	214
PID 2768 wrote to memory of 2596	2768	leetcrack.exe	30
PID 2768 wrote to memory of 2596	2768	leetcrack.exe	30
PID 2768 wrote to memory of 2596	2768	leetcrack.exe	30
PID 2768 wrote to memory of 2596	2768	leetcrack.exe	30
PID 2768 wrote to memory of 2648	2768	leetcrack.exe	32
PID 2768 wrote to memory of 2648	2768	leetcrack.exe	32
PID 2768 wrote to memory of 2648	2768	leetcrack.exe	32
PID 2768 wrote to memory of 2648	2768	leetcrack.exe	32
PID 2416 wrote to memory of 2944	2416	Nursultan 1.16.5 Crack.exe	830
PID 2416 wrote to memory of 2944	2416	Nursultan 1.16.5 Crack.exe	830
PID 2416 wrote to memory of 2944	2416	Nursultan 1.16.5 Crack.exe	830
PID 2416 wrote to memory of 2944	2416	Nursultan 1.16.5 Crack.exe	830
PID 2416 wrote to memory of 2728	2416	Nursultan 1.16.5 Crack.exe	33
PID 2416 wrote to memory of 2728	2416	Nursultan 1.16.5 Crack.exe	33
PID 2416 wrote to memory of 2728	2416	Nursultan 1.16.5 Crack.exe	33
PID 2416 wrote to memory of 2728	2416	Nursultan 1.16.5 Crack.exe	33
PID 2944 wrote to memory of 2752	2944	Nursultan 1.16.5 Crack.exe	126
PID 2944 wrote to memory of 2752	2944	Nursultan 1.16.5 Crack.exe	126
PID 2944 wrote to memory of 2752	2944	Nursultan 1.16.5 Crack.exe	126
PID 2944 wrote to memory of 2752	2944	Nursultan 1.16.5 Crack.exe	126
PID 2944 wrote to memory of 2316	2944	Nursultan 1.16.5 Crack.exe	104
PID 2944 wrote to memory of 2316	2944	Nursultan 1.16.5 Crack.exe	104
PID 2944 wrote to memory of 2316	2944	Nursultan 1.16.5 Crack.exe	104
PID 2944 wrote to memory of 2316	2944	Nursultan 1.16.5 Crack.exe	104
PID 2728 wrote to memory of 2628	2728	leetcrack.exe	36
PID 2728 wrote to memory of 2628	2728	leetcrack.exe	36
PID 2728 wrote to memory of 2628	2728	leetcrack.exe	36
PID 2728 wrote to memory of 2628	2728	leetcrack.exe	36
PID 2728 wrote to memory of 2536	2728	leetcrack.exe	102
PID 2728 wrote to memory of 2536	2728	leetcrack.exe	102
PID 2728 wrote to memory of 2536	2728	leetcrack.exe	102
PID 2728 wrote to memory of 2536	2728	leetcrack.exe	102
PID 2316 wrote to memory of 2688	2316	leetcrack.exe	38
PID 2316 wrote to memory of 2688	2316	leetcrack.exe	38
PID 2316 wrote to memory of 2688	2316	leetcrack.exe	38
PID 2316 wrote to memory of 2688	2316	leetcrack.exe	38
PID 2316 wrote to memory of 2504	2316	leetcrack.exe	39
PID 2316 wrote to memory of 2504	2316	leetcrack.exe	39
PID 2316 wrote to memory of 2504	2316	leetcrack.exe	39
PID 2316 wrote to memory of 2504	2316	leetcrack.exe	39
PID 2752 wrote to memory of 2072	2752	Nursultan 1.16.5 Crack.exe	105
PID 2752 wrote to memory of 2072	2752	Nursultan 1.16.5 Crack.exe	105
PID 2752 wrote to memory of 2072	2752	Nursultan 1.16.5 Crack.exe	105
PID 2752 wrote to memory of 2072	2752	Nursultan 1.16.5 Crack.exe	105
PID 2072 wrote to memory of 2844	2072	Nursultan 1.16.5 Crack.exe	42
PID 2072 wrote to memory of 2844	2072	Nursultan 1.16.5 Crack.exe	42
PID 2072 wrote to memory of 2844	2072	Nursultan 1.16.5 Crack.exe	42
PID 2072 wrote to memory of 2844	2072	Nursultan 1.16.5 Crack.exe	42
PID 2504 wrote to memory of 2848	2504	portmonitor.exe	41
PID 2504 wrote to memory of 2848	2504	portmonitor.exe	41
PID 2504 wrote to memory of 2848	2504	portmonitor.exe	41
PID 2504 wrote to memory of 2848	2504	portmonitor.exe	41
PID 2536 wrote to memory of 2820	2536	portmonitor.exe	43
PID 2536 wrote to memory of 2820	2536	portmonitor.exe	43
PID 2536 wrote to memory of 2820	2536	portmonitor.exe	43
PID 2536 wrote to memory of 2820	2536	portmonitor.exe	43

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
  "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
      "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        14⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        15⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        16⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        17⤵
        Executes dropped EXE
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        18⤵
        Executes dropped EXE
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        19⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        20⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        21⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        22⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        23⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        24⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        25⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        26⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        27⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        28⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        29⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        30⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        31⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        32⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        33⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        34⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        35⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        36⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        37⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        38⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        39⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        40⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        41⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        42⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        43⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        44⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        45⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        46⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        47⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        48⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        49⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        50⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        51⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        52⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        53⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        54⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        55⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        56⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        57⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        58⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        59⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        60⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        61⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        62⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        63⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        64⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        65⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        66⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        67⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        68⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        69⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        70⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        71⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        72⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        73⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        74⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        75⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        76⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        77⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        78⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        79⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        80⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        81⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        82⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        83⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        84⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        85⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        86⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        87⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        88⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        89⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        90⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        91⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        92⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        93⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        94⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        95⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        96⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        97⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        98⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        99⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        100⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        101⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        102⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        103⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        104⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        105⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        106⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        107⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        108⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        109⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        110⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        111⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        112⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        113⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        114⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        115⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        116⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        117⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        118⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        119⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        120⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        121⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        122⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        123⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        124⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        125⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        126⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        127⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        128⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        129⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        130⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        131⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        132⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        133⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        134⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        135⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        136⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        137⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        138⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        139⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        140⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        141⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        142⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        143⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        144⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        145⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        146⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        147⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        148⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        149⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        150⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        151⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        152⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        153⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        154⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        155⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        156⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        157⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        158⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        159⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        160⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        161⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        162⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        163⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        164⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        165⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        166⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        167⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        168⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        169⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        170⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        171⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        172⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        173⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        174⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        175⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        176⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        177⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        178⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        179⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        180⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        181⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        182⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        183⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        184⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        185⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        186⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        187⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        188⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        189⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        190⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        191⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        192⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        193⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        194⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        195⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        196⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        197⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        198⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        199⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        200⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        201⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        202⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        203⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        204⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        205⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        206⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        207⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        208⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        209⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        210⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        211⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        212⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        213⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        214⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        215⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        216⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe"
        217⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        145⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        144⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        143⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        142⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        141⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        140⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        141⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        141⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        139⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        138⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        137⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        138⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        138⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        139⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        136⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        137⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        137⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        138⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        135⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        136⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        136⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        137⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        134⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        135⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        135⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        136⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        133⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        134⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        134⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        135⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        132⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        133⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        133⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        134⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        131⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        132⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        132⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        133⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        130⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        131⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        131⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        132⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        129⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        130⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        130⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        131⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        128⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        129⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        129⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        130⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        127⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        128⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        128⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        129⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        126⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        127⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        127⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        128⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        125⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        126⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        126⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        127⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        124⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        125⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        125⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        126⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        123⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        124⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        124⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        125⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        122⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        123⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        123⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        124⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        121⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        122⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        122⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        123⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        120⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        121⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        121⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        122⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        119⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        120⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        120⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        121⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        118⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        119⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        119⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        120⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        117⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        118⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        118⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        119⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        116⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        117⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        117⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        118⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        115⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        116⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        116⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        117⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        114⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        115⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        115⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        116⤵
        Process spawned unexpected child process
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        113⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        114⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        114⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        115⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        112⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        113⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        113⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        114⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        111⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        112⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        112⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        113⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        110⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        111⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        111⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        112⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        109⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        110⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        110⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        111⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        112⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        108⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        109⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        109⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        110⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        111⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        107⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        108⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        108⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        109⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        110⤵
        
        PID:8004
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        111⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        106⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        107⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        107⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        108⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        109⤵
        
        PID:7992
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        110⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        105⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        106⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        106⤵
        
        PID:916
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        107⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        108⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        104⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        105⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        105⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        106⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        107⤵
        
        PID:7708
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        108⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        103⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        104⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        104⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        105⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        106⤵
        
        PID:7596
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        107⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        102⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        103⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        103⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        104⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        105⤵
        
        PID:7532
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        106⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        101⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        102⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        102⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        103⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        104⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        100⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        101⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        101⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        102⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        103⤵
        
        PID:7332
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        104⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        99⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        100⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        100⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        101⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        102⤵
        
        PID:7364
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        103⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        98⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        99⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        99⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        100⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        101⤵
        
        PID:7248
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        102⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        97⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        98⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        98⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        99⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        100⤵
        
        PID:7180
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        101⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        96⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        97⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        97⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        98⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        99⤵
        
        PID:6060
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        100⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        95⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        96⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        96⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        97⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        98⤵
        
        PID:5404
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        99⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        94⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        95⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        95⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        96⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        97⤵
        
        PID:4596
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        98⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        93⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        94⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        94⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        95⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        96⤵
        
        PID:4224
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        97⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        92⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        93⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        93⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        94⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        95⤵
        
        PID:4444
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        96⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        91⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        92⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        92⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        93⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        94⤵
        
        PID:5040
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        95⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        90⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        91⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        91⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        92⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        93⤵
        
        PID:5088
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        94⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        89⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        90⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        90⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        91⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        92⤵
        
        PID:4232
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        93⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        88⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        89⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        89⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        90⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        91⤵
        
        PID:4344
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        92⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        87⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        88⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        88⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        89⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        90⤵
        
        PID:820
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        91⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        86⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        87⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        87⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        88⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        89⤵
        
        PID:4116
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        90⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        85⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        86⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        86⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        87⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        88⤵
        
        PID:4464
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        89⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        84⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        85⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        85⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        86⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        87⤵
        
        PID:4972
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        88⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        83⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        84⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        84⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        85⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        86⤵
        
        PID:5752
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        87⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        82⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        83⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        83⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        84⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        85⤵
        
        PID:6204
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        86⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        81⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        82⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        82⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        83⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        84⤵
        
        PID:4924
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        85⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        80⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        81⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        81⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        82⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        83⤵
        
        PID:4376
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        84⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        79⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        80⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        80⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        81⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        82⤵
        
        PID:1752
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        83⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        78⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        79⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        79⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        80⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        81⤵
        
        PID:4244
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        82⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        77⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        78⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        78⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        79⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        80⤵
        
        PID:3368
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        81⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        76⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        77⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        77⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        78⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        79⤵
        
        PID:3232
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        80⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        75⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        76⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        76⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        77⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        78⤵
        
        PID:5724
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        79⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        74⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        75⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        75⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        76⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        77⤵
        
        PID:6284
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        78⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        73⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        74⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        74⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        75⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        76⤵
        
        PID:3636
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        77⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        72⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        73⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        73⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        74⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        75⤵
        
        PID:3632
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        76⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        71⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        72⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        72⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        73⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        74⤵
        
        PID:3544
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        75⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        70⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        71⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        71⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        72⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        73⤵
        
        PID:3180
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        74⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        69⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        70⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        70⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        71⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        72⤵
        
        PID:2528
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        73⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        68⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        69⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        69⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        70⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        71⤵
        
        PID:2256
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        72⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        67⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        68⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        68⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        69⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        70⤵
        
        PID:2948
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        71⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        66⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        67⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        67⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        68⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        69⤵
        
        PID:7084
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        70⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        65⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        66⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        66⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        67⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        68⤵
        
        PID:4072
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        69⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        64⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        65⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        65⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        66⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        67⤵
        
        PID:4024
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        68⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        63⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        64⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        64⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        65⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        66⤵
        
        PID:1136
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        67⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        62⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        63⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        63⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        64⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        65⤵
        
        PID:2984
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        66⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        61⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        62⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        62⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        63⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        64⤵
        
        PID:1516
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        65⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        60⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        61⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        61⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        62⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        63⤵
        
        PID:2100
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        64⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        59⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        60⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        60⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        61⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        62⤵
        
        PID:6464
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        63⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        58⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        59⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        59⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        60⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        61⤵
        
        PID:6856
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        62⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        57⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        58⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        58⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        59⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        60⤵
        
        PID:3812
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        61⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        56⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        57⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        57⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        58⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        59⤵
        
        PID:3916
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        60⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        55⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        56⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        56⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        57⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        58⤵
        
        PID:3668
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        59⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        54⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        55⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        55⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        56⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        57⤵
        
        PID:1628
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        58⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        53⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        54⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        54⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        55⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        56⤵
        
        PID:3392
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        57⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        52⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        53⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        53⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        54⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        55⤵
        
        PID:1152
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        56⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        51⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        52⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        52⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        53⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        54⤵
        
        PID:2780
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        55⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        50⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        51⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        51⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        52⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        53⤵
        
        PID:6180
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        54⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        49⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        50⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        50⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        51⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        52⤵
        
        PID:1916
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        53⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        48⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        49⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        49⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        50⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        51⤵
        
        PID:1640
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        52⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        47⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        48⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        48⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        49⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        50⤵
        
        PID:2112
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        51⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        46⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        47⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        47⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        48⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        49⤵
        
        PID:1592
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        50⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        45⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        46⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        46⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        47⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        48⤵
        
        PID:2824
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        49⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        44⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        45⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        45⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        46⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        47⤵
        
        PID:564
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        48⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        43⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        44⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        44⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        45⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        46⤵
        
        PID:7100
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        47⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        42⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        43⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        43⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        44⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        45⤵
        
        PID:7120
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        46⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        41⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        42⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        42⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        43⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        44⤵
        
        PID:6964
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        45⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        40⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        41⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        41⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        42⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        43⤵
        
        PID:6952
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        44⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        39⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        40⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        40⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        41⤵
        
        PID:920
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        42⤵
        
        PID:6824
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        38⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        39⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        39⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        40⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        41⤵
        
        PID:6668
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        42⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        37⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        38⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        38⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        39⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        40⤵
        
        PID:6576
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        41⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        36⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        37⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        37⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        38⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        39⤵
        
        PID:6560
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        40⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        35⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        36⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        36⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        37⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        38⤵
        
        PID:6568
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        39⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        34⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        35⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        35⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        36⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        37⤵
        
        PID:6444
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        38⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        33⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        34⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        34⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        35⤵
        
        PID:656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        36⤵
        
        PID:6316
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        32⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        33⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        33⤵
        
        PID:816
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        34⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        35⤵
        
        PID:6236
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        36⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        31⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        32⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        32⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        33⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        34⤵
        
        PID:6296
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        35⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        30⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        31⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        31⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        32⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        33⤵
        
        PID:6172
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        34⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        29⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        30⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        30⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        31⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        32⤵
        
        PID:6184
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        33⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        28⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        29⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        29⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        30⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        31⤵
        
        PID:6196
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        32⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        27⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        28⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        28⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        29⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        30⤵
        
        PID:2348
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        31⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        26⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        27⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        27⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        28⤵
        
        PID:612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        29⤵
        
        PID:1552
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        30⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        25⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        26⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        26⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        27⤵
        
        PID:836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        28⤵
        
        PID:6268
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        29⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        24⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        25⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        25⤵
        
        PID:680
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        26⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        27⤵
        
        PID:3036
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        28⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        23⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        24⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        24⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        25⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        26⤵
        
        PID:5280
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        27⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        22⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        23⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        23⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        24⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        25⤵
        
        PID:488
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        26⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        21⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        22⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        22⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        23⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        24⤵
        
        PID:1748
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        25⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        20⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        21⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        21⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        22⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        23⤵
        
        PID:5932
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        24⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        19⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        20⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        20⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        21⤵
        
        PID:908
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        22⤵
        
        PID:5880
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        23⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        18⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        19⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        19⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        20⤵
        
        PID:984
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        21⤵
        
        PID:916
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        22⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        17⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        18⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        18⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        19⤵
        
        PID:308
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        20⤵
        
        PID:5852
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        21⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        16⤵
        Executes dropped EXE
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        17⤵
        Executes dropped EXE
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        17⤵
        Executes dropped EXE
        
        PID:3068
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        18⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        19⤵
        
        PID:5868
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        20⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        15⤵
        Executes dropped EXE
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        16⤵
        Executes dropped EXE
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        16⤵
        Executes dropped EXE
        
        PID:2708
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        17⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        18⤵
        
        PID:4940
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        19⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        15⤵
        Executes dropped EXE
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        15⤵
        Executes dropped EXE
        
        PID:1984
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        16⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        17⤵
        
        PID:5484
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        18⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        14⤵
        Executes dropped EXE
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        14⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        15⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        16⤵
        
        PID:5248
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        17⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        13⤵
        Executes dropped EXE
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        13⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        14⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        15⤵
        
        PID:5972
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        16⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        12⤵
        Executes dropped EXE
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        12⤵
        Executes dropped EXE
        
        PID:2428
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        13⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        14⤵
        
        PID:6020
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        15⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        11⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        11⤵
        Executes dropped EXE
        
        PID:3004
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        12⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        13⤵
        
        PID:6028
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        14⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        10⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        10⤵
        Executes dropped EXE
        
        PID:1804
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        11⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        12⤵
        
        PID:5288
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        13⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        9⤵
        Executes dropped EXE
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        9⤵
        Executes dropped EXE
        
        PID:680
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        10⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        11⤵
        
        PID:5636
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        12⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        8⤵
        Executes dropped EXE
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        8⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        9⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        10⤵
        
        PID:5844
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        11⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        7⤵
        Executes dropped EXE
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        7⤵
        Executes dropped EXE
        
        PID:1036
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        9⤵
        
        PID:5272
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        10⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        6⤵
        Executes dropped EXE
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        6⤵
        Executes dropped EXE
        
        PID:656
        
        C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        7⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        8⤵
        
        PID:5240
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        9⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
      "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
        5⤵
        Executes dropped EXE
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
        
        "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2504
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        6⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        7⤵
        
        PID:4828
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4992
- - C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
    "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
      "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
      4⤵
      Executes dropped EXE
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
      "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
        5⤵
        
        PID:2820
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        6⤵
        
        PID:2876
        
        C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        7⤵
        Modifies WinLogon for persistence
        Adds Run key to start application
        Drops file in Program Files directory
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4776
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lkv1fwn3\lkv1fwn3.cmdline"
        8⤵
        Drops file in System32 directory
        
        PID:2516
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C51.tmp" "c:\Windows\System32\CSCD40F2ABD9C924CABA4948A6323DA6738.TMP"
        9⤵
        
        PID:540
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\PciM9r4INB.bat"
        8⤵
        
        PID:4568
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        9⤵
        
        PID:4444
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        9⤵
        Runs ping.exe
        
        PID:4628
- C:\Users\Admin\AppData\Local\Temp\leetcrack.exe
  "C:\Users\Admin\AppData\Local\Temp\leetcrack.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe
    "C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe"
    3⤵
    - Executes dropped EXE
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\portmonitor.exe
    "C:\Users\Admin\AppData\Local\Temp\portmonitor.exe"
    3⤵
    - Executes dropped EXE
    PID:2648
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe"
      4⤵
      PID:328
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Webnet\x9qTsv13UFeYw.bat" "
        5⤵
        
        PID:5060
      - C:\Webnet\portmonitor.exe
        
        "C:\Webnet/portmonitor.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5064

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-579081149872764827797299862174606769-16492654351102116175-909702475-1911332605"
1⤵
PID:2832

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d7953" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Mail\it-IT\3b73a6fa2092a350d795.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:612

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d795" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\it-IT\3b73a6fa2092a350d795.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:6204

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d7953" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Windows Mail\it-IT\3b73a6fa2092a350d795.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2708

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8382099891637094594191155119273752402-2251522101648187851-851565953-1041634385"
1⤵
PID:5900

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\wscript.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2944

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Users\Default User\wscript.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:3912

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 9 /tr "'C:\Users\Default User\wscript.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:3648

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 8 /tr "'C:\Users\Admin\wscript.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:4084

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wscript" /sc ONLOGON /tr "'C:\Users\Admin\wscript.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:7004

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wscriptw" /sc MINUTE /mo 12 /tr "'C:\Users\Admin\wscript.exe'" /rl HIGHEST /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:2508

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1086007775-2410562595010460741622617150-1148084651124254457-1910338644715806435"
1⤵
PID:3400

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2305720311058602579108207601816570319201675865141-13423977-841995982352922876"
1⤵
PID:2700

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d7953" /sc MINUTE /mo 12 /tr "'C:\Windows\Microsoft.NET\authman\3b73a6fa2092a350d795.exe'" /f
1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
PID:3816

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1477324192960364695-9419360490923649407053811-1364185630667439057163723511"
1⤵
PID:5672

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d795" /sc ONLOGON /tr "'C:\Windows\Microsoft.NET\authman\3b73a6fa2092a350d795.exe'" /rl HIGHEST /f
1⤵
- Creates scheduled task(s)
PID:3240

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "54766286-1536740449-896025587752749262-20415672291775741991627411826-1333653579"
1⤵
PID:2580

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-57418534985731981-1886134683-10904610411464912132-12114649072134697993184403824"
1⤵
PID:3572

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1982140739-42247638117609647297062873021794990157-1411550057-862960125997130686"
1⤵
PID:2512

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1124331372-471040348-17628740231995814958-1912102026-19374071881487266505-1582277999"
1⤵
PID:5240

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d7953" /sc MINUTE /mo 13 /tr "'C:\Windows\Microsoft.NET\authman\3b73a6fa2092a350d795.exe'" /rl HIGHEST /f
1⤵
- Creates scheduled task(s)
PID:5720

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d7953" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\3b73a6fa2092a350d795.exe'" /f
1⤵
- Creates scheduled task(s)
PID:3500

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1086372394110453585112720668455689452511337101027017144251364600408-1820003020"
1⤵
PID:3184

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17392311041581184411-1442353348815284366-900132044-58931576-662247400-1861751784"
1⤵
PID:5076

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d795" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\3b73a6fa2092a350d795.exe'" /rl HIGHEST /f
1⤵
- Creates scheduled task(s)
PID:5592

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "743581656-1740407644-1105633319-1381037385191906156318572604942073289460-974420081"
1⤵
PID:4388

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "3b73a6fa2092a350d7953" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\3b73a6fa2092a350d795.exe'" /rl HIGHEST /f
1⤵
- Creates scheduled task(s)
PID:6056

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portmonitorp" /sc MINUTE /mo 8 /tr "'C:\Webnet\portmonitor.exe'" /f
1⤵
- Creates scheduled task(s)
PID:4884

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-763520255-3526197553014056591525132587-30166459-1237008309-4065816161988558842"
1⤵
PID:4112

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portmonitor" /sc ONLOGON /tr "'C:\Webnet\portmonitor.exe'" /rl HIGHEST /f
1⤵
- Creates scheduled task(s)
PID:5592

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "728393675-77905343917143676451491915513-707589836-5212343333265276-1890060618"
1⤵
PID:4540

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-880088768-1672115072-13753211711775257855-335778181-21327617511023621488-784682175"
1⤵
PID:4176

C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "portmonitorp" /sc MINUTE /mo 6 /tr "'C:\Webnet\portmonitor.exe'" /rl HIGHEST /f
1⤵
- Creates scheduled task(s)
PID:4916

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1121200182898577123-399786852-671373599-4669782801392376506815617410-1244549395"
1⤵
PID:4896

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-480884085-756500569-1781595028-1304015341-1404901339-2095019537-810817168-613856253"
1⤵
PID:4744

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-240100514-20107771272050033311-1010631764-172962442787106068-482271294122625899"
1⤵
PID:6052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
aa3329637e551b89b0c0a975df3c90be

SHA1
31f5acdb05edef7863f612ba6fab2c76ea1dbf75

SHA256
a127ef9856b73422d831e6254124e56e5315454a3511e62711f093129ba62814

SHA512
aaf93666203deb22c19243a821278eda32f3c11539d23e296d13c06650799f542d6fc8a37a97de864749704d3c4e3ca4365a3f79aae25a4e872d3369f8c9137e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3f0c91f452b0af83a874f6b4dc6d1d20

SHA1
0cc956dcd69b07538bc24bb71b5a245a93072107

SHA256
ede47db29d0be9e304deb9f8602c5e930f586233ae0d67a3bbe663347a57ee66

SHA512
bfa762b7c69a25c0ee3b3fc4d24f75507b706a34e15a288d782f835fbb9d971bd107075a649e73f6762313f95189e8f1a0919c2ad8f5cae623ed4fd6089dab0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3b73a6fa2092a350d795.exe

Filesize
5.2MB

MD5
b86bbb42b26e72a601087f68cda89208

SHA1
baca49e35da3b83cd56ba579d61f98e9b137debe

SHA256
320eff01b2a5b520853cd9b0c7486b3d9992dce2f9308f267069a60f88f8deb0

SHA512
e98dfeb55d6053d6e2ec323f4665b4ea8cdb5bae0807ac70ac5dbb6cf7f3e8e1ba6a2ad099f8232b0e0ca9a738a9baf7d132957fb5d503c78283b229e35ed974

Download Submit
C:\Users\Admin\AppData\Local\Temp\leetcrack.exe

Filesize
8.7MB

MD5
93144ffd83e528ff8651605be2d2c1a4

SHA1
6c661ce690ecd3ecd21c8953e410543fcf8a69ad

SHA256
4ded33a5b292e88739e50c25c4db2ec8a4b444b21431f3daba87a2573965bd60

SHA512
5236edcac0e56126c0f83eccc930a96548788694e1505ee0f74e77ed41582b1c92573de2fef0bf1e69fa3e9bc355f45f4671a67da66612e1a24b8eb849ea668c

Download Submit
C:\Users\Admin\wscript.exe

Filesize
3.5MB

MD5
aa6c98cd853bf585a410394fd10817dc

SHA1
ceab1865997ae2c6e070a9c6adf6b129cf2ad383

SHA256
fc45eebea5ae88160a2ac49fe7e027baeee028c4f4b021794726a04ecea8c90b

SHA512
2ada05425dce38fd9fe48c9ceb6a21c59c5e7088274c4445dfde054974f14f8feba5012909c5a75d7932a6bcbb488e38d34d9c970cd61c636ee13abc59e06562

Download Submit
C:\Webnet\xEX0MYAV03ULsqYY87UbhI7XqesjrcJfyK7h.vbe

Filesize
209B

MD5
1fefc5b72cd89c9f83dcf8a47b254f58

SHA1
909c965e493baab2203bac16be714cfb88a75f0d

SHA256
7f03a5563b7186e6c6efa09392c843783b9a3375bcfbe29e4b9c8fc6f3032c3c

SHA512
5bada5c497c306276c348569995cb254b3e6dcf2a8c10e48eadded26b69e7d5690503b8d9610f46b91a28effbe4be8d7345938d8c59d9f5343186f4d60e526ca

Download Submit
\Users\Admin\AppData\Local\Temp\Nursultan 1.16.5 Crack.exe

Filesize
8.7MB

MD5
57ec49d438753f3bdfec6a616258b370

SHA1
a34f757f5f2bd4763f04206c0d0cd32ab4491117

SHA256
872a2f4decf76a5c8cf44a9b017a780847d8b3c50571433232e398ab0931c638

SHA512
88bdae1b6a45efa83c4a9ff28a4549c33db28ba2bb1d1911d028090e9dc3831ef57f6577388844a4cfccc60dbca70315a7f9d7311f6638bcf00da97110e1c64a

Download Submit
\Users\Admin\AppData\Local\Temp\portmonitor.exe

Filesize
3.8MB

MD5
3d686dda8f890bef092779bc682dec10

SHA1
2e6f12de7a5d4febe798a63b2f8914458741bf7f

SHA256
af9b7828f0661720eeaac5931f160f7db17dbf6c1ddcd7020a0c06a4deb2b7d4

SHA512
cb32222a74d01de5c99e5096e1e00f86ab54af0db9e6b560b5952de2ab1c654ebde7331e80302dedb387acc7ad7c98eae3748cf3bf2bb78c1d0a5088db881f58

Download Submit
memory/2596-27-0x000000013F0D0000-0x000000013FCFA000-memory.dmp

Filesize
12.2MB

Download
memory/2768-21-0x00000000033C0000-0x0000000003FEA000-memory.dmp

Filesize
12.2MB

Download
memory/2888-78-0x00000000032A0000-0x0000000003ECA000-memory.dmp

Filesize
12.2MB

Download
memory/3000-258-0x00000000030D0000-0x0000000003D1A000-memory.dmp

Filesize
12.3MB

Download
memory/3000-257-0x00000000770D0000-0x00000000771CA000-memory.dmp

Filesize
1000KB

Download
memory/4776-191-0x00000000005F0000-0x0000000000600000-memory.dmp

Filesize
64KB

Download
memory/4776-197-0x0000000000650000-0x0000000000660000-memory.dmp

Filesize
64KB

Download
memory/4776-233-0x000000001AF70000-0x000000001AFBE000-memory.dmp

Filesize
312KB

Download
memory/4776-220-0x0000000000A30000-0x0000000000A3E000-memory.dmp

Filesize
56KB

Download
memory/4776-207-0x00000000008A0000-0x00000000008B0000-memory.dmp

Filesize
64KB

Download
memory/4776-201-0x00000000008D0000-0x00000000008E2000-memory.dmp

Filesize
72KB

Download
memory/4776-227-0x0000000000A40000-0x0000000000A4C000-memory.dmp

Filesize
48KB

Download
memory/4776-213-0x0000000000A20000-0x0000000000A30000-memory.dmp

Filesize
64KB

Download
memory/4776-211-0x00000000008F0000-0x00000000008FE000-memory.dmp

Filesize
56KB

Download
memory/4776-209-0x0000000002320000-0x000000000237A000-memory.dmp

Filesize
360KB

Download
memory/4776-205-0x0000000000890000-0x00000000008A0000-memory.dmp

Filesize
64KB

Download
memory/4776-203-0x0000000000660000-0x000000000066E000-memory.dmp

Filesize
56KB

Download
memory/4776-199-0x00000000008B0000-0x00000000008C6000-memory.dmp

Filesize
88KB

Download
memory/4776-222-0x0000000000A60000-0x0000000000A78000-memory.dmp

Filesize
96KB

Download
memory/4776-195-0x0000000000870000-0x0000000000882000-memory.dmp

Filesize
72KB

Download
memory/4776-181-0x0000000000200000-0x000000000020E000-memory.dmp

Filesize
56KB

Download
memory/4776-187-0x0000000000630000-0x0000000000648000-memory.dmp

Filesize
96KB

Download
memory/4776-189-0x0000000000250000-0x0000000000260000-memory.dmp

Filesize
64KB

Download
memory/4776-179-0x0000000000220000-0x0000000000246000-memory.dmp

Filesize
152KB

Download
memory/4776-183-0x0000000000610000-0x000000000062C000-memory.dmp

Filesize
112KB

Download
memory/4776-185-0x0000000000210000-0x0000000000220000-memory.dmp

Filesize
64KB

Download
memory/4776-193-0x0000000000600000-0x000000000060E000-memory.dmp

Filesize
56KB

Download
memory/4992-163-0x0000000000260000-0x00000000005EE000-memory.dmp

Filesize
3.6MB

Download
memory/7672-1953-0x0000000001370000-0x00000000016FE000-memory.dmp

Filesize
3.6MB

Download
memory/8708-4487-0x00000000011D0000-0x000000000155E000-memory.dmp

Filesize
3.6MB

Download
memory/9408-388-0x0000000000AD0000-0x0000000000E5E000-memory.dmp

Filesize
3.6MB

Download
memory/10456-4205-0x0000000000DC0000-0x000000000114E000-memory.dmp

Filesize
3.6MB

Download