warzonerat | ec35c0f70e43316469957b8829e748bf1541bb1eff27f931e0f6df1310993030

General

Target

5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe
Size

840KB
MD5

5a51e1e48cf514de495c13d1af463bc2
SHA1

d7b288ecebebe4467bef48da25db6ba4fc424a89
SHA256

ec35c0f70e43316469957b8829e748bf1541bb1eff27f931e0f6df1310993030
SHA512

d803cf5f128d3e1879b99c567ec122b663daea8acc8a693e130e006f66e5eecfbe8c4b93117a6b7d8e15eeb1ec8e916c0b68b26ef77f02b167fd62d0224867c6
SSDEEP

12288:Y4YIo+/zfgajmG/4rzaM6SbjhlDdFbzZ4StxEF63U1wcJ5w:Y17YzgbGxSbjDd75txU6Z

Score

10^/10

warzonerat infostealer rat

Malware Config

Extracted

Family

warzonerat

C2

savagesquad.ooguy.com:5437

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT payload 2 IoCs

rat

Processes:

resource	yara_rule
behavioral2/memory/1204-88-0x0000000000400000-0x000000000041D000-memory.dmp	warzonerat
behavioral2/memory/1204-89-0x0000000000400000-0x000000000041D000-memory.dmp	warzonerat

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEFGUI.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXE

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	FGUI.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	XXZZ.EXE

Executes dropped EXE 64 IoCs

Processes:

FGUI.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXE

pid	process
3276	FGUI.EXE
3128	XXZZ.EXE
312	XXZZ.EXE
4972	XXZZ.EXE
808	XXZZ.EXE
1556	XXZZ.EXE
1708	XXZZ.EXE
1200	XXZZ.EXE
4896	XXZZ.EXE
440	XXZZ.EXE
3268	XXZZ.EXE
3408	XXZZ.EXE
1208	XXZZ.EXE
3124	XXZZ.EXE
1808	XXZZ.EXE
3832	XXZZ.EXE
3140	XXZZ.EXE
3820	XXZZ.EXE
3624	XXZZ.EXE
2780	XXZZ.EXE
4960	XXZZ.EXE
3244	XXZZ.EXE
1440	XXZZ.EXE
5100	XXZZ.EXE
3304	XXZZ.EXE
1792	XXZZ.EXE
116	XXZZ.EXE
4616	XXZZ.EXE
3036	XXZZ.EXE
2080	XXZZ.EXE
3284	XXZZ.EXE
4472	XXZZ.EXE
4468	XXZZ.EXE
4068	XXZZ.EXE
3576	XXZZ.EXE
1616	XXZZ.EXE
2188	XXZZ.EXE
3620	XXZZ.EXE
1692	XXZZ.EXE
3848	XXZZ.EXE
3268	XXZZ.EXE
3408	XXZZ.EXE
2920	XXZZ.EXE
2052	XXZZ.EXE
3140	XXZZ.EXE
3460	XXZZ.EXE
4376	XXZZ.EXE
2476	XXZZ.EXE
1340	XXZZ.EXE
4540	XXZZ.EXE
3432	XXZZ.EXE
4780	XXZZ.EXE
3228	XXZZ.EXE
3196	XXZZ.EXE
644	XXZZ.EXE
3356	XXZZ.EXE
1636	XXZZ.EXE
1496	XXZZ.EXE
2492	XXZZ.EXE
1100	XXZZ.EXE
940	XXZZ.EXE
2404	XXZZ.EXE
4928	XXZZ.EXE
3728	XXZZ.EXE

Suspicious use of SetThreadContext 1 IoCs

Processes:

FGUI.EXE

description pid process target process

PID 3276 set thread context of 1204 3276 FGUI.EXE FGUI.EXE
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

2324 schtasks.exe

description	pid	process	target process
PID 3276 set thread context of 1204	3276	FGUI.EXE	FGUI.EXE

pid	process
2324	schtasks.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exeXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXEXXZZ.EXE

description	pid	process	target process
PID 4472 wrote to memory of 3276	4472	5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe	FGUI.EXE
PID 4472 wrote to memory of 3276	4472	5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe	FGUI.EXE
PID 4472 wrote to memory of 3276	4472	5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe	FGUI.EXE
PID 4472 wrote to memory of 3128	4472	5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe	XXZZ.EXE
PID 4472 wrote to memory of 3128	4472	5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe	XXZZ.EXE
PID 4472 wrote to memory of 3128	4472	5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe	XXZZ.EXE
PID 3128 wrote to memory of 312	3128	XXZZ.EXE	XXZZ.EXE
PID 3128 wrote to memory of 312	3128	XXZZ.EXE	XXZZ.EXE
PID 3128 wrote to memory of 312	3128	XXZZ.EXE	XXZZ.EXE
PID 312 wrote to memory of 4972	312	XXZZ.EXE	XXZZ.EXE
PID 312 wrote to memory of 4972	312	XXZZ.EXE	XXZZ.EXE
PID 312 wrote to memory of 4972	312	XXZZ.EXE	XXZZ.EXE
PID 4972 wrote to memory of 808	4972	XXZZ.EXE	XXZZ.EXE
PID 4972 wrote to memory of 808	4972	XXZZ.EXE	XXZZ.EXE
PID 4972 wrote to memory of 808	4972	XXZZ.EXE	XXZZ.EXE
PID 808 wrote to memory of 1556	808	XXZZ.EXE	XXZZ.EXE
PID 808 wrote to memory of 1556	808	XXZZ.EXE	XXZZ.EXE
PID 808 wrote to memory of 1556	808	XXZZ.EXE	XXZZ.EXE
PID 1556 wrote to memory of 1708	1556	XXZZ.EXE	XXZZ.EXE
PID 1556 wrote to memory of 1708	1556	XXZZ.EXE	XXZZ.EXE
PID 1556 wrote to memory of 1708	1556	XXZZ.EXE	XXZZ.EXE
PID 1708 wrote to memory of 1200	1708	XXZZ.EXE	XXZZ.EXE
PID 1708 wrote to memory of 1200	1708	XXZZ.EXE	XXZZ.EXE
PID 1708 wrote to memory of 1200	1708	XXZZ.EXE	XXZZ.EXE
PID 1200 wrote to memory of 4896	1200	XXZZ.EXE	XXZZ.EXE
PID 1200 wrote to memory of 4896	1200	XXZZ.EXE	XXZZ.EXE
PID 1200 wrote to memory of 4896	1200	XXZZ.EXE	XXZZ.EXE
PID 4896 wrote to memory of 440	4896	XXZZ.EXE	XXZZ.EXE
PID 4896 wrote to memory of 440	4896	XXZZ.EXE	XXZZ.EXE
PID 4896 wrote to memory of 440	4896	XXZZ.EXE	XXZZ.EXE
PID 440 wrote to memory of 3268	440	XXZZ.EXE	XXZZ.EXE
PID 440 wrote to memory of 3268	440	XXZZ.EXE	XXZZ.EXE
PID 440 wrote to memory of 3268	440	XXZZ.EXE	XXZZ.EXE
PID 3268 wrote to memory of 3408	3268	XXZZ.EXE	XXZZ.EXE
PID 3268 wrote to memory of 3408	3268	XXZZ.EXE	XXZZ.EXE
PID 3268 wrote to memory of 3408	3268	XXZZ.EXE	XXZZ.EXE
PID 3408 wrote to memory of 1208	3408	XXZZ.EXE	XXZZ.EXE
PID 3408 wrote to memory of 1208	3408	XXZZ.EXE	XXZZ.EXE
PID 3408 wrote to memory of 1208	3408	XXZZ.EXE	XXZZ.EXE
PID 1208 wrote to memory of 3124	1208	XXZZ.EXE	XXZZ.EXE
PID 1208 wrote to memory of 3124	1208	XXZZ.EXE	XXZZ.EXE
PID 1208 wrote to memory of 3124	1208	XXZZ.EXE	XXZZ.EXE
PID 3124 wrote to memory of 1808	3124	XXZZ.EXE	XXZZ.EXE
PID 3124 wrote to memory of 1808	3124	XXZZ.EXE	XXZZ.EXE
PID 3124 wrote to memory of 1808	3124	XXZZ.EXE	XXZZ.EXE
PID 1808 wrote to memory of 3832	1808	XXZZ.EXE	XXZZ.EXE
PID 1808 wrote to memory of 3832	1808	XXZZ.EXE	XXZZ.EXE
PID 1808 wrote to memory of 3832	1808	XXZZ.EXE	XXZZ.EXE
PID 3832 wrote to memory of 3140	3832	XXZZ.EXE	XXZZ.EXE
PID 3832 wrote to memory of 3140	3832	XXZZ.EXE	XXZZ.EXE
PID 3832 wrote to memory of 3140	3832	XXZZ.EXE	XXZZ.EXE
PID 3140 wrote to memory of 3820	3140	XXZZ.EXE	XXZZ.EXE
PID 3140 wrote to memory of 3820	3140	XXZZ.EXE	XXZZ.EXE
PID 3140 wrote to memory of 3820	3140	XXZZ.EXE	XXZZ.EXE
PID 3820 wrote to memory of 3624	3820	XXZZ.EXE	XXZZ.EXE
PID 3820 wrote to memory of 3624	3820	XXZZ.EXE	XXZZ.EXE
PID 3820 wrote to memory of 3624	3820	XXZZ.EXE	XXZZ.EXE
PID 3624 wrote to memory of 2780	3624	XXZZ.EXE	XXZZ.EXE
PID 3624 wrote to memory of 2780	3624	XXZZ.EXE	XXZZ.EXE
PID 3624 wrote to memory of 2780	3624	XXZZ.EXE	XXZZ.EXE
PID 2780 wrote to memory of 4960	2780	XXZZ.EXE	XXZZ.EXE
PID 2780 wrote to memory of 4960	2780	XXZZ.EXE	XXZZ.EXE
PID 2780 wrote to memory of 4960	2780	XXZZ.EXE	XXZZ.EXE
PID 4960 wrote to memory of 3244	4960	XXZZ.EXE	XXZZ.EXE

C:\Users\Admin\AppData\Local\Temp\5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472

C:\Users\Admin\AppData\Local\Temp\FGUI.EXE
"C:\Users\Admin\AppData\Local\Temp\FGUI.EXE"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3276

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hPiAzoSzIFRAVl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2A.tmp"
3⤵
- Creates scheduled task(s)
PID:2324

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
4⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\FGUI.EXE
"C:\Users\Admin\AppData\Local\Temp\FGUI.EXE"
3⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3128

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4972

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
8⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4896

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1208

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3124

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3140

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3820

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4960

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
22⤵
- Executes dropped EXE
PID:3244

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
23⤵
- Executes dropped EXE
PID:1440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
24⤵
- Executes dropped EXE
PID:5100

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
25⤵
- Executes dropped EXE
PID:3304

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
26⤵
- Executes dropped EXE
PID:1792

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
27⤵
- Executes dropped EXE
PID:116

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
28⤵
- Executes dropped EXE
PID:4616

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
29⤵
- Checks computer location settings
- Executes dropped EXE
PID:3036

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
30⤵
- Executes dropped EXE
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
31⤵
- Checks computer location settings
- Executes dropped EXE
PID:3284

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
32⤵
- Executes dropped EXE
PID:4472

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
33⤵
- Checks computer location settings
- Executes dropped EXE
PID:4468

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
34⤵
- Executes dropped EXE
PID:4068

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
35⤵
- Checks computer location settings
- Executes dropped EXE
PID:3576

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
36⤵
- Executes dropped EXE
PID:1616

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
37⤵
- Executes dropped EXE
PID:2188

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
38⤵
- Checks computer location settings
- Executes dropped EXE
PID:3620

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
39⤵
- Executes dropped EXE
PID:1692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
40⤵
- Executes dropped EXE
PID:3848

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
41⤵
- Checks computer location settings
- Executes dropped EXE
PID:3268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
42⤵
- Executes dropped EXE
PID:3408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
43⤵
- Executes dropped EXE
PID:2920

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
44⤵
- Executes dropped EXE
PID:2052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
45⤵
- Executes dropped EXE
PID:3140

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
46⤵
- Executes dropped EXE
PID:3460

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
47⤵
- Executes dropped EXE
PID:4376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
48⤵
- Executes dropped EXE
PID:2476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
49⤵
- Checks computer location settings
- Executes dropped EXE
PID:1340

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
50⤵
- Executes dropped EXE
PID:4540

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
51⤵
- Executes dropped EXE
PID:3432

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
52⤵
- Executes dropped EXE
PID:4780

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
53⤵
- Executes dropped EXE
PID:3228

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
54⤵
- Executes dropped EXE
PID:3196

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
55⤵
- Executes dropped EXE
PID:644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
56⤵
- Executes dropped EXE
PID:3356

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
57⤵
- Executes dropped EXE
PID:1636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
58⤵
- Checks computer location settings
- Executes dropped EXE
PID:1496

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
59⤵
- Executes dropped EXE
PID:2492

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
60⤵
- Executes dropped EXE
PID:1100

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
61⤵
- Executes dropped EXE
PID:940

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
62⤵
- Executes dropped EXE
PID:2404

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
63⤵
- Executes dropped EXE
PID:4928

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
64⤵
- Executes dropped EXE
PID:3728

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
65⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
66⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
67⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
68⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
69⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
70⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
71⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
72⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
73⤵
- Checks computer location settings
PID:2052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
74⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
75⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
76⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
77⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
78⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
79⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
80⤵
PID:400

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
81⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
82⤵
- Checks computer location settings
PID:4156

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
83⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
84⤵
- Checks computer location settings
PID:3084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
85⤵
- Checks computer location settings
PID:644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
86⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
87⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
88⤵
- Checks computer location settings
PID:4204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
89⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
90⤵
- Checks computer location settings
PID:3160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
91⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
92⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
93⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
94⤵
- Checks computer location settings
PID:2400

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
95⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
96⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
97⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
98⤵
- Checks computer location settings
PID:2948

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
99⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
100⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
101⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
102⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
103⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
104⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
105⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
106⤵
- Checks computer location settings
PID:2052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
107⤵
- Checks computer location settings
PID:3136

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
108⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
109⤵
- Checks computer location settings
PID:3232

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
110⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
111⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
112⤵
PID:388

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
113⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
114⤵
PID:724

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
115⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
116⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
117⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
118⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
119⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
120⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
121⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
122⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
123⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
124⤵
- Checks computer location settings
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
125⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
126⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
127⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
128⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
129⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
130⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
131⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
132⤵
- Checks computer location settings
PID:4764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
133⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
134⤵
- Checks computer location settings
PID:1604

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
135⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
136⤵
- Checks computer location settings
PID:3656

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
137⤵
- Checks computer location settings
PID:2560

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
138⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
139⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
140⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
141⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
142⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
143⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
144⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
145⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
146⤵
- Checks computer location settings
PID:2544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
147⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
148⤵
- Checks computer location settings
PID:4020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
149⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
150⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
151⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
152⤵
- Checks computer location settings
PID:4396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
153⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
154⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
155⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
156⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
157⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
158⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
159⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
160⤵
- Checks computer location settings
PID:924

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
161⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
162⤵
- Checks computer location settings
PID:3316

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
163⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
164⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
165⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
166⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
167⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
168⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
169⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
170⤵
PID:388

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
171⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
172⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
173⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
174⤵
- Checks computer location settings
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
175⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
176⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
177⤵
- Checks computer location settings
PID:3768

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
178⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
179⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
180⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
181⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
182⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
183⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
184⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
185⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
186⤵
- Checks computer location settings
PID:3568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
187⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
188⤵
- Checks computer location settings
PID:5008

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
189⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
190⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
191⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
192⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
193⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
194⤵
- Checks computer location settings
PID:3300

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
195⤵
- Checks computer location settings
PID:2216

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
196⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
197⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
198⤵
- Checks computer location settings
PID:3808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
199⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
200⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
201⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
202⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
203⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
204⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
205⤵
PID:516

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
206⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
207⤵
- Checks computer location settings
PID:2172

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
208⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
209⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
210⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
211⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
212⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
213⤵
- Checks computer location settings
PID:1100

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
214⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
215⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
216⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
217⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
218⤵
- Checks computer location settings
PID:4860

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
219⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
220⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
221⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
222⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
223⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
224⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
225⤵
PID:372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
226⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
227⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
228⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
229⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
230⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
231⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
232⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
233⤵
- Checks computer location settings
PID:3280

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
234⤵
PID:228

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
235⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
236⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
237⤵
- Checks computer location settings
PID:3324

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
238⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
239⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
240⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
241⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
242⤵
- Checks computer location settings
PID:4068

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
243⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
244⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
245⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
246⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
247⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
248⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
249⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
250⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
251⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
252⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
253⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
254⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
255⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
256⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
257⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
258⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
259⤵
- Checks computer location settings
PID:1272

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
260⤵
- Checks computer location settings
PID:3808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
261⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
262⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
263⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
264⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
265⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
266⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
267⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
268⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
269⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
270⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
271⤵
- Checks computer location settings
PID:4972

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
272⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
273⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
274⤵
- Checks computer location settings
PID:4248

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
275⤵
- Checks computer location settings
PID:5112

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
276⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
277⤵
- Checks computer location settings
PID:4756

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
278⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
279⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
280⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
281⤵
- Checks computer location settings
PID:2060

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
282⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
283⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
284⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
285⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
286⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
287⤵
- Checks computer location settings
PID:332

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
288⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
289⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
290⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
291⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
292⤵
- Checks computer location settings
PID:3240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
293⤵
PID:116

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
294⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
295⤵
- Checks computer location settings
PID:3084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
296⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
297⤵
- Checks computer location settings
PID:4204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
298⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
299⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
300⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
301⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
302⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
303⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
304⤵
PID:432

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
305⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
306⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
307⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
308⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
309⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
310⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
311⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
312⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
313⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
314⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
315⤵
- Checks computer location settings
PID:5000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
316⤵
- Checks computer location settings
PID:4400

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
317⤵
- Checks computer location settings
PID:1632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
318⤵
PID:208

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
319⤵
- Checks computer location settings
PID:692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
320⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
321⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
322⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
323⤵
- Checks computer location settings
PID:1644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
324⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
325⤵
- Checks computer location settings
PID:1312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
326⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
327⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
328⤵
- Checks computer location settings
PID:516

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
329⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
330⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
331⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
332⤵
- Checks computer location settings
PID:1056

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
333⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
334⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
335⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
336⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
337⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
338⤵
- Checks computer location settings
PID:408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
339⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
340⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
341⤵
PID:312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
342⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
343⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
344⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
345⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
346⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
347⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
348⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
349⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
350⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
351⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
352⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
353⤵
PID:116

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
354⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
355⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
356⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
357⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
358⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
359⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
360⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
361⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
362⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
363⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
364⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
365⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
366⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
367⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
368⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
369⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
370⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
371⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
372⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
373⤵
PID:60

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
374⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
375⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
376⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
377⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
378⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
379⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
380⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
381⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
382⤵
PID:208

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
383⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
384⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
385⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
386⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
387⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
388⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
389⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
390⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
391⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
392⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
393⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
394⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
395⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
396⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
397⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
398⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
399⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
400⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
401⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
402⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
403⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
404⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
405⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
406⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
407⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
408⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
409⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
410⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
411⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
412⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
413⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
414⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
415⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
416⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
417⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
418⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
419⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
420⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
421⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
422⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
423⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
424⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
425⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
426⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
427⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
428⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
429⤵
PID:8

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
430⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
431⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
432⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
433⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
434⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
435⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
436⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
437⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
438⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
439⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
440⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
441⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
442⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
443⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
444⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
445⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
446⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
447⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
448⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
449⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
450⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
451⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
452⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
453⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
454⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
455⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
456⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
457⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
458⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
459⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
460⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
461⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
462⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
463⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
464⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
465⤵
PID:704

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
466⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
467⤵
PID:312

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
468⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
469⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
470⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
471⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
472⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
473⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
474⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
475⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
476⤵
PID:372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
477⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
478⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
479⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
480⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
481⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
482⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
483⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
484⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
485⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
486⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
487⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
488⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
489⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
490⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
491⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
492⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
493⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
494⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
495⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
496⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
497⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
498⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
499⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
500⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
501⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
502⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
503⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
504⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
505⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
506⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
507⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
508⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
509⤵
PID:408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
510⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
511⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
512⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
513⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
514⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
515⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
516⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
517⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
518⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
519⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
520⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
521⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
522⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
523⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
524⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
525⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
526⤵
PID:388

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
527⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
528⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
529⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
530⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
531⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
532⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
533⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
534⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
535⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
536⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
537⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
538⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
539⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
540⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
541⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
542⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
543⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
544⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
545⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
546⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
547⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
548⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
549⤵
PID:408

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
550⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
551⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
552⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
553⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
554⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
555⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
556⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
557⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
558⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
559⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
560⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
561⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
562⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
563⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
564⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
565⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
566⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
567⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
568⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
569⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
570⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
571⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
572⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
573⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
574⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
575⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
576⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
577⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
578⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
579⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
580⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
581⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
582⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
583⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
584⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
585⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
586⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
587⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
588⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
589⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
590⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
591⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
592⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
593⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
594⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
595⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
596⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
597⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
598⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
599⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
600⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
601⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
602⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
603⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
604⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
605⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
606⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
607⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
608⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
609⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
610⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
611⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
612⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
613⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
614⤵
PID:60

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
615⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
616⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
617⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
618⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
619⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
620⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
621⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
622⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
623⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
624⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
625⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
626⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
627⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
628⤵
PID:208

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
629⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
630⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
631⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
632⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
633⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
634⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
635⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
636⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
637⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
638⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
639⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
640⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
641⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
642⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
643⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
644⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
645⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
646⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
647⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
648⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
649⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
650⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
651⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
652⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
653⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
654⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
655⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
656⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
657⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
658⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
659⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
660⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
661⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
662⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
663⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
664⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
665⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
666⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
667⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
668⤵
PID:516

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
669⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
670⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
671⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
672⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
673⤵
PID:8

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
674⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
675⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
676⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
677⤵
PID:220

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
678⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
679⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
680⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
681⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
682⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
683⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
684⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
685⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
686⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
687⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
688⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
689⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
690⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
691⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
692⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
693⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
694⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
695⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
696⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
697⤵
PID:216

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
698⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
699⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
700⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
701⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
702⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
703⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
704⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
705⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
706⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
707⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
708⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
709⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
710⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
711⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
712⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
713⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
714⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
715⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
716⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
717⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
718⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
719⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
720⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
721⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
722⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
723⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
724⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
725⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
726⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
727⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
728⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
729⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
730⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
731⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
732⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
733⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
734⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
735⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
736⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
737⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
738⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
739⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
740⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
741⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
742⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
743⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
744⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
745⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
746⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
747⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
748⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
749⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
750⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
751⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
752⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
753⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
754⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
755⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
756⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
757⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
758⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
759⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
760⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
761⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
762⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
763⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
764⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
765⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
766⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
767⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
768⤵
PID:208

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
769⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
770⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
771⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
772⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
773⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
774⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
775⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
776⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
777⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
778⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
779⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
780⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
781⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
782⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
783⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
784⤵
PID:8

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
785⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
786⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
787⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
788⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
789⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
790⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
791⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
792⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
793⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
794⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
795⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
796⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
797⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
798⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
799⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
800⤵
PID:372

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
801⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
802⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
803⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
804⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
805⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
806⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
807⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
808⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
809⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
810⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
811⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
812⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
"C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE"
813⤵
PID:1476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:1340

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:2028

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:2052

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:632

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\FGUI.EXE
Filesize
419KB

MD5
0baf9775a38f7a4944eeeb5a4ecb3c7b

SHA1
b71f452df6233f7baf263b95c82b018a8876785d

SHA256
d851556dbc68ff73df08c18b9fffac59605701f4ec5f8287068d9d04ab62e6f9

SHA512
ae7f7762cf93eefd49ab487985ca51d5b8781a8ba093f4a79058beb77ce269105e01db34ef9257345e735f1aacd66b0e32edc583dd4bba0f5e6951645c98f3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\XXZZ.EXE
Filesize
368KB

MD5
7ddeb32d481079747c932ccd9b4e8ae6

SHA1
850b9b04b32c21991efc94ebccacb8e03ecc3a4a

SHA256
f1bf24f8ebc142d985f5c7273080fd18ad30549a50a6d26b9dd7c454a2673e5a

SHA512
03922315b903bccdc3cb51708a163cb8802ed86c69bac4a91d104b77b6b55c9953d1314fbdf9a6e9225a8b85a101b51b56707cf66a09e5ff422d0f378811b04f

Download Submit
memory/1204-88-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1204-89-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3276-19-0x0000000073852000-0x0000000073853000-memory.dmp

Filesize
4KB

Download
memory/3276-20-0x0000000073850000-0x0000000073E01000-memory.dmp

Filesize
5.7MB

Download
memory/3276-21-0x0000000073850000-0x0000000073E01000-memory.dmp

Filesize
5.7MB

Download
memory/3276-82-0x0000000073852000-0x0000000073853000-memory.dmp

Filesize
4KB

Download
memory/3276-83-0x0000000073850000-0x0000000073E01000-memory.dmp

Filesize
5.7MB

Download
memory/3276-91-0x0000000073850000-0x0000000073E01000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads