toxiceye | 9d6024dfb9f60054eb1316eb33bf8cbc5c802d9e477a9603db5e1ed585e556f8

Analysis

max time kernel
182s
max time network
183s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
17-08-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BootstrapperV1.16.exe
Size

381KB
MD5

12d943d0d655d4d54b91d175c3e46e02
SHA1

9b115a4874f3da04e29315e09e50a2d61b826de8
SHA256

9d6024dfb9f60054eb1316eb33bf8cbc5c802d9e477a9603db5e1ed585e556f8
SHA512

1746222789c3f480f9364f3dd654f41be5ed3d520a58f5cd69e0cd08a8d59b81a796c6ac3e6603db493f3d5a48bc748280e19cfd48f4925f7fc38b16b9e38640
SSDEEP

6144:mSncRleSncRlFSncRl0snwou0bUrCsnwou0bUr:r4p4O4Dnwou5vnwou5

Score

10^/10

toxiceye discovery rat trojan

Malware Config

Extracted

Family

toxiceye

https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/sendMessage?chat_id=6414125020

Signatures

ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye

Executes dropped EXE 64 IoCs

pid	Process
2432	STUB DO NOT RUN THISS.EXE
2560	STUB DO NOT RUN THISS.EXE
2668	STUB DO NOT RUN THISS.EXE
920	STUB DO NOT RUN THISS.EXE
3104	STUB DO NOT RUN THISS.EXE
2344	STUB DO NOT RUN THISS.EXE
4744	STUB DO NOT RUN THISS.EXE
2420	STUB DO NOT RUN THISS.EXE
3100	STUB DO NOT RUN THISS.EXE
4540	STUB DO NOT RUN THISS.EXE
1956	STUB DO NOT RUN THISS.EXE
2424	STUB DO NOT RUN THISS.EXE
784	STUB DO NOT RUN THISS.EXE
4444	STUB DO NOT RUN THISS.EXE
2624	STUB DO NOT RUN THISS.EXE
3176	STUB DO NOT RUN THISS.EXE
3984	STUB DO NOT RUN THISS.EXE
1568	STUB DO NOT RUN THISS.EXE
4108	STUB DO NOT RUN THISS.EXE
3448	STUB DO NOT RUN THISS.EXE
3596	STUB DO NOT RUN THISS.EXE
4860	STUB DO NOT RUN THISS.EXE
4872	STUB DO NOT RUN THISS.EXE
3544	STUB DO NOT RUN THISS.EXE
2768	STUB DO NOT RUN THISS.EXE
4836	STUB DO NOT RUN THISS.EXE
2240	STUB DO NOT RUN THISS.EXE
2388	STUB DO NOT RUN THISS.EXE
3340	STUB DO NOT RUN THISS.EXE
4888	STUB DO NOT RUN THISS.EXE
4048	STUB DO NOT RUN THISS.EXE
4372	STUB DO NOT RUN THISS.EXE
4108	STUB DO NOT RUN THISS.EXE
2288	STUB DO NOT RUN THISS.EXE
1660	rat.exe
1152	STUB DO NOT RUN THISS.EXE
3604	STUB DO NOT RUN THISS.EXE
240	STUB DO NOT RUN THISS.EXE
1020	STUB DO NOT RUN THISS.EXE
2164	STUB DO NOT RUN THISS.EXE
1316	STUB DO NOT RUN THISS.EXE
3744	STUB DO NOT RUN THISS.EXE
3480	STUB DO NOT RUN THISS.EXE
3944	STUB DO NOT RUN THISS.EXE
4648	STUB DO NOT RUN THISS.EXE
1808	STUB DO NOT RUN THISS.EXE
4392	STUB DO NOT RUN THISS.EXE
2788	STUB DO NOT RUN THISS.EXE
648	STUB DO NOT RUN THISS.EXE
4656	STUB DO NOT RUN THISS.EXE
3576	STUB DO NOT RUN THISS.EXE
772	STUB DO NOT RUN THISS.EXE
1956	STUB DO NOT RUN THISS.EXE
2224	STUB DO NOT RUN THISS.EXE
3460	STUB DO NOT RUN THISS.EXE
440	STUB DO NOT RUN THISS.EXE
488	STUB DO NOT RUN THISS.EXE
1608	STUB DO NOT RUN THISS.EXE
4920	rat.exe
1944	STUB DO NOT RUN THISS.EXE
2252	STUB DO NOT RUN THISS.EXE
420	STUB DO NOT RUN THISS.EXE
2876	STUB DO NOT RUN THISS.EXE
3844	STUB DO NOT RUN THISS.EXE

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
4700	Process not Found
4236	Process not Found
4952	Process not Found
2100	Process not Found
2928	Process not Found
2332	tasklist.exe
3672	tasklist.exe
5072	Process not Found
2980	Process not Found
1324	tasklist.exe
2060	Process not Found
1528	Process not Found
1808	Process not Found
412	Process not Found
488	Process not Found
2876	Process not Found
1076	tasklist.exe
3956	Process not Found
2564	Process not Found
2336	Process not Found
2368	Process not Found
4604	Process not Found
1924	Process not Found
560	Process not Found
4160	Process not Found
4996	Process not Found
2152	tasklist.exe
4632	tasklist.exe
3168	tasklist.exe
2108	tasklist.exe
4672	tasklist.exe
4384	Process not Found
2100	Process not Found
4360	Process not Found
3696	Process not Found
4964	Process not Found
2388	tasklist.exe
4596	Process not Found
1208	Process not Found
2564	Process not Found
3480	Process not Found
2448	Process not Found
3820	Process not Found
3044	Process not Found
3824	tasklist.exe
1152	Process not Found
4172	Process not Found
4392	Process not Found
1600	Process not Found
4252	Process not Found
3100	Process not Found
3192	tasklist.exe
4900	Process not Found
4768	Process not Found
2076	tasklist.exe
3496	tasklist.exe
1384	tasklist.exe
1208	Process not Found
2512	Process not Found
660	tasklist.exe
3576	tasklist.exe
1340	Process not Found
4236	Process not Found
2368	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperV1.16.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
1268	timeout.exe
1164	Process not Found
4676	Process not Found
4316	Process not Found
2176	Process not Found
4348	Process not Found
2912	Process not Found
4168	timeout.exe
4168	Process not Found
4040	Process not Found
2588	Process not Found
4908	Process not Found
1568	timeout.exe
2640	Process not Found
860	Process not Found
2592	Process not Found
3576	Process not Found
4636	Process not Found
3492	timeout.exe
4440	Process not Found
4632	Process not Found
3184	Process not Found
2864	Process not Found
1976	Process not Found
3324	Process not Found
3308	timeout.exe
2624	Process not Found
1784	Process not Found
4932	Process not Found
4052	timeout.exe
1600	timeout.exe
784	timeout.exe
1164	Process not Found
3620	timeout.exe
1600	timeout.exe
4656	Process not Found
2300	Process not Found
2556	Process not Found
3516	Process not Found
4372	timeout.exe
244	Process not Found
836	Process not Found
4892	Process not Found
2244	Process not Found
5108	timeout.exe
4468	Process not Found
4672	Process not Found
3060	Process not Found
2624	Process not Found
2472	timeout.exe
3176	Process not Found
2904	Process not Found
2876	Process not Found
2488	Process not Found
4820	Process not Found
4944	timeout.exe
2160	timeout.exe
3060	Process not Found
2252	Process not Found
1460	Process not Found
4768	Process not Found
248	timeout.exe
3180	Process not Found
4564	Process not Found

Scheduled Task/Job: Scheduled Task 1 TTPs 64 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
780	schtasks.exe
1456	Process not Found
4196	Process not Found
2148	Process not Found
3480	Process not Found
3484	schtasks.exe
892	Process not Found
4876	Process not Found
4956	Process not Found
1616	Process not Found
1000	schtasks.exe
1568	schtasks.exe
3508	Process not Found
488	Process not Found
2300	Process not Found
2060	Process not Found
3556	Process not Found
2252	Process not Found
916	Process not Found
4596	Process not Found
4180	Process not Found
1492	Process not Found
1480	Process not Found
4984	Process not Found
2160	Process not Found
3556	Process not Found
4196	Process not Found
2384	schtasks.exe
3156	schtasks.exe
1020	schtasks.exe
4596	Process not Found
1076	Process not Found
436	Process not Found
1440	Process not Found
4868	schtasks.exe
2640	schtasks.exe
3548	schtasks.exe
576	Process not Found
944	Process not Found
4980	Process not Found
1332	Process not Found
2448	schtasks.exe
3024	Process not Found
1876	Process not Found
3652	Process not Found
2244	Process not Found
4380	Process not Found
4224	Process not Found
2284	Process not Found
780	Process not Found
4824	Process not Found
4048	schtasks.exe
3480	schtasks.exe
2188	schtasks.exe
5108	schtasks.exe
792	schtasks.exe
3448	Process not Found
2560	schtasks.exe
4672	Process not Found
420	Process not Found
4576	schtasks.exe
3904	schtasks.exe
2100	Process not Found
2572	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2432	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	3340	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	2108	tasklist.exe
Token: SeDebugPrivilege	648	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	4672	tasklist.exe
Token: SeDebugPrivilege	4028	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	3824	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 4620	4920	BootstrapperV1.16.exe	81
PID 4920 wrote to memory of 4620	4920	BootstrapperV1.16.exe	81
PID 4920 wrote to memory of 4620	4920	BootstrapperV1.16.exe	81
PID 4920 wrote to memory of 2432	4920	BootstrapperV1.16.exe	82
PID 4920 wrote to memory of 2432	4920	BootstrapperV1.16.exe	82
PID 4620 wrote to memory of 2564	4620	BOOTSTRAPPERV1.16.EXE	84
PID 4620 wrote to memory of 2564	4620	BOOTSTRAPPERV1.16.EXE	84
PID 4620 wrote to memory of 2564	4620	BOOTSTRAPPERV1.16.EXE	84
PID 4620 wrote to memory of 2560	4620	BOOTSTRAPPERV1.16.EXE	85
PID 4620 wrote to memory of 2560	4620	BOOTSTRAPPERV1.16.EXE	85
PID 2564 wrote to memory of 2196	2564	BOOTSTRAPPERV1.16.EXE	87
PID 2564 wrote to memory of 2196	2564	BOOTSTRAPPERV1.16.EXE	87
PID 2564 wrote to memory of 2196	2564	BOOTSTRAPPERV1.16.EXE	87
PID 2564 wrote to memory of 2668	2564	BOOTSTRAPPERV1.16.EXE	138
PID 2564 wrote to memory of 2668	2564	BOOTSTRAPPERV1.16.EXE	138
PID 2196 wrote to memory of 1000	2196	BOOTSTRAPPERV1.16.EXE	90
PID 2196 wrote to memory of 1000	2196	BOOTSTRAPPERV1.16.EXE	90
PID 2196 wrote to memory of 1000	2196	BOOTSTRAPPERV1.16.EXE	90
PID 2196 wrote to memory of 920	2196	BOOTSTRAPPERV1.16.EXE	231
PID 2196 wrote to memory of 920	2196	BOOTSTRAPPERV1.16.EXE	231
PID 1000 wrote to memory of 3556	1000	BOOTSTRAPPERV1.16.EXE	93
PID 1000 wrote to memory of 3556	1000	BOOTSTRAPPERV1.16.EXE	93
PID 1000 wrote to memory of 3556	1000	BOOTSTRAPPERV1.16.EXE	93
PID 1000 wrote to memory of 3104	1000	BOOTSTRAPPERV1.16.EXE	94
PID 1000 wrote to memory of 3104	1000	BOOTSTRAPPERV1.16.EXE	94
PID 3556 wrote to memory of 1464	3556	BOOTSTRAPPERV1.16.EXE	96
PID 3556 wrote to memory of 1464	3556	BOOTSTRAPPERV1.16.EXE	96
PID 3556 wrote to memory of 1464	3556	BOOTSTRAPPERV1.16.EXE	96
PID 3556 wrote to memory of 2344	3556	BOOTSTRAPPERV1.16.EXE	97
PID 3556 wrote to memory of 2344	3556	BOOTSTRAPPERV1.16.EXE	97
PID 1464 wrote to memory of 2912	1464	BOOTSTRAPPERV1.16.EXE	335
PID 1464 wrote to memory of 2912	1464	BOOTSTRAPPERV1.16.EXE	335
PID 1464 wrote to memory of 2912	1464	BOOTSTRAPPERV1.16.EXE	335
PID 1464 wrote to memory of 4744	1464	BOOTSTRAPPERV1.16.EXE	100
PID 1464 wrote to memory of 4744	1464	BOOTSTRAPPERV1.16.EXE	100
PID 2912 wrote to memory of 3436	2912	BOOTSTRAPPERV1.16.EXE	102
PID 2912 wrote to memory of 3436	2912	BOOTSTRAPPERV1.16.EXE	102
PID 2912 wrote to memory of 3436	2912	BOOTSTRAPPERV1.16.EXE	102
PID 2912 wrote to memory of 2420	2912	BOOTSTRAPPERV1.16.EXE	103
PID 2912 wrote to memory of 2420	2912	BOOTSTRAPPERV1.16.EXE	103
PID 3436 wrote to memory of 780	3436	BOOTSTRAPPERV1.16.EXE	199
PID 3436 wrote to memory of 780	3436	BOOTSTRAPPERV1.16.EXE	199
PID 3436 wrote to memory of 780	3436	BOOTSTRAPPERV1.16.EXE	199
PID 3436 wrote to memory of 3100	3436	BOOTSTRAPPERV1.16.EXE	294
PID 3436 wrote to memory of 3100	3436	BOOTSTRAPPERV1.16.EXE	294
PID 780 wrote to memory of 236	780	BOOTSTRAPPERV1.16.EXE	108
PID 780 wrote to memory of 236	780	BOOTSTRAPPERV1.16.EXE	108
PID 780 wrote to memory of 236	780	BOOTSTRAPPERV1.16.EXE	108
PID 780 wrote to memory of 4540	780	BOOTSTRAPPERV1.16.EXE	529
PID 780 wrote to memory of 4540	780	BOOTSTRAPPERV1.16.EXE	529
PID 236 wrote to memory of 1456	236	BOOTSTRAPPERV1.16.EXE	409
PID 236 wrote to memory of 1456	236	BOOTSTRAPPERV1.16.EXE	409
PID 236 wrote to memory of 1456	236	BOOTSTRAPPERV1.16.EXE	409
PID 236 wrote to memory of 1956	236	BOOTSTRAPPERV1.16.EXE	348
PID 236 wrote to memory of 1956	236	BOOTSTRAPPERV1.16.EXE	348
PID 1456 wrote to memory of 2008	1456	BOOTSTRAPPERV1.16.EXE	114
PID 1456 wrote to memory of 2008	1456	BOOTSTRAPPERV1.16.EXE	114
PID 1456 wrote to memory of 2008	1456	BOOTSTRAPPERV1.16.EXE	114
PID 1456 wrote to memory of 2424	1456	BOOTSTRAPPERV1.16.EXE	483
PID 1456 wrote to memory of 2424	1456	BOOTSTRAPPERV1.16.EXE	483
PID 2008 wrote to memory of 3260	2008	BOOTSTRAPPERV1.16.EXE	439
PID 2008 wrote to memory of 3260	2008	BOOTSTRAPPERV1.16.EXE	439
PID 2008 wrote to memory of 3260	2008	BOOTSTRAPPERV1.16.EXE	439
PID 2008 wrote to memory of 784	2008	BOOTSTRAPPERV1.16.EXE	574

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.16.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.16.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
  "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4620
- - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
    "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
      "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        15⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        17⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        21⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        27⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        33⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        34⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        36⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        40⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        42⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        43⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        44⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        48⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        53⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        54⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        55⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        60⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        61⤵
        System Location Discovery: System Language Discovery
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        63⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        67⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        68⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        69⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        75⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        82⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        87⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        89⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        91⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        92⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        93⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        94⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        95⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        96⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        97⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        98⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        99⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        100⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        101⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        102⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        103⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        104⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        105⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        106⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        107⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        108⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        109⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        110⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        111⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        112⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        113⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        114⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        115⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        116⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        117⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        118⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        119⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        120⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        121⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        122⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        123⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        124⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        125⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        126⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        127⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        128⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        129⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        130⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        131⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        132⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        133⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        134⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        135⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        136⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        137⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        138⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        139⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        140⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        141⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        142⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        143⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        144⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        145⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        146⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        147⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        148⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        149⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        150⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        151⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        152⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        153⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        154⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        155⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        156⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        157⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        158⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        159⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        160⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        161⤵
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        162⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        163⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        164⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        165⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        166⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        167⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        168⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        169⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        170⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        171⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        172⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        173⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        174⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        175⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        176⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        177⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        178⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        179⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        180⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        181⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        182⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        183⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        184⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        185⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        186⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        187⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        188⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        189⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        190⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        191⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        192⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        193⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        194⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        195⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        196⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        197⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        198⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        199⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        200⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        201⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        202⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        203⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        204⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        205⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        206⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        207⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        208⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        209⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        210⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        211⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        212⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        213⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        214⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        215⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        216⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        217⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        218⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        219⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        220⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        221⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        222⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        223⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        224⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        225⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        226⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        227⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        228⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        229⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        230⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        231⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        232⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        233⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        234⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        235⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        236⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        237⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        238⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        239⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        240⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        241⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        242⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        243⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        244⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        245⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        246⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        247⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        248⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        249⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        250⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        251⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        252⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        253⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        254⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        255⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        256⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        257⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        258⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        259⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        260⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        261⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        262⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        263⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        264⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        265⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        266⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        267⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        268⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        269⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        270⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        271⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        272⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        273⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        274⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        275⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        276⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        277⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        278⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        279⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        280⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        281⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        282⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        283⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        284⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        285⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        286⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        287⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        288⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        289⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        290⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        291⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        292⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        293⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        294⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        295⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        296⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        297⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        298⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        299⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        300⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        301⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        302⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        303⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        304⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        305⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        306⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        307⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        308⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        309⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        310⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        311⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        312⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        313⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        314⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        315⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        316⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        317⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        318⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        319⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        320⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        321⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        322⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        323⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        324⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        325⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        326⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        327⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        328⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        329⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        330⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        331⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        332⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        333⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        334⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        335⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        336⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        337⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        338⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        339⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        340⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        341⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        342⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        343⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        344⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        345⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        346⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        347⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        348⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        349⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        350⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        351⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        352⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        353⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        354⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        355⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        356⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        357⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        358⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        359⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        360⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        361⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        362⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        363⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        364⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        365⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        366⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        367⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        368⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        369⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        370⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        371⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        372⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        373⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        374⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        375⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        376⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        377⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        378⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        379⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        380⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        381⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        382⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        383⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        384⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        385⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        386⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        387⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        388⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        389⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        390⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        391⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        392⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        393⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        394⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        395⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        396⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        397⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        398⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        399⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        400⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        401⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        402⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        403⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        404⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        405⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        406⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        407⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        408⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        409⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        410⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        411⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        412⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        413⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        414⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        415⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        416⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        417⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        418⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        419⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        420⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        421⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        422⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        423⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        424⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        425⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        426⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        427⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        428⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        429⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        430⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        431⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        432⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        433⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        434⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        435⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        436⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        437⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        438⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        439⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        440⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        441⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        442⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        443⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        444⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        445⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        446⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        447⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        448⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        447⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        446⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        445⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        444⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        443⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        442⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        441⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        440⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        439⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        438⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        437⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        436⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        435⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        434⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        433⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        432⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        431⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        430⤵
        
        PID:3132
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        431⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        429⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        428⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        427⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        426⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        425⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        424⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        423⤵
        
        PID:4612
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        424⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        422⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        421⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        420⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        419⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        418⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        417⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        416⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        415⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        414⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        413⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        412⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        411⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        410⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        409⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        408⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        407⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        406⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        405⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        404⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        403⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        402⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        401⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        400⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        399⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        398⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        397⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        396⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        395⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        394⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        393⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        392⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        391⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        390⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        389⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        388⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        387⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        386⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        385⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        384⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        383⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        382⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        381⤵
        
        PID:5080
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        382⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        380⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        379⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        378⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        377⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        376⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        375⤵
        
        PID:4632
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        376⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        374⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        373⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        372⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        371⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        370⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        369⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        368⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        367⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        366⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        365⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        364⤵
        
        PID:124
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        363⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        362⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        361⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        360⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        359⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        358⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        357⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        356⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        355⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        354⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        353⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        352⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        351⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        350⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        349⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        348⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        347⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        346⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        345⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        344⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        343⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        342⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        341⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        340⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        339⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        338⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        337⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        336⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        335⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        334⤵
        
        PID:1784
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        335⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:780
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9093.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9093.tmp.bat
        335⤵
        
        PID:3496
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1784"
        336⤵
        Enumerates processes with tasklist
        
        PID:2388
        
        C:\Windows\system32\find.exe
        
        find ":"
        336⤵
        
        PID:4652
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        336⤵
        Delays execution with timeout.exe
        
        PID:2160
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        336⤵
        
        PID:2764
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        337⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        333⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        332⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        331⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        330⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        329⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        328⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        327⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        326⤵
        
        PID:4492
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        327⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4576
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp89AD.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp89AD.tmp.bat
        327⤵
        
        PID:3548
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 4492"
        328⤵
        Enumerates processes with tasklist
        
        PID:1384
        
        C:\Windows\system32\find.exe
        
        find ":"
        328⤵
        
        PID:248
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        328⤵
        Delays execution with timeout.exe
        
        PID:5108
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        328⤵
        
        PID:4796
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        329⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        325⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        324⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        323⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        322⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        321⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        320⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        319⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        318⤵
        
        PID:1660
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        319⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        317⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        316⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        315⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        314⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        313⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        312⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        311⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        310⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        309⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        308⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        307⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        306⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        305⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        304⤵
        
        PID:3744
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        305⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        303⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        302⤵
        
        PID:2588
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        303⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        301⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        300⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        299⤵
        
        PID:4412
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        300⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2448
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp85C5.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp85C5.tmp.bat
        300⤵
        
        PID:2288
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 4412"
        301⤵
        Enumerates processes with tasklist
        
        PID:3168
        
        C:\Windows\system32\find.exe
        
        find ":"
        301⤵
        
        PID:4416
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        301⤵
        Delays execution with timeout.exe
        
        PID:784
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        301⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        298⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        297⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        296⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        295⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        294⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        293⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        292⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        291⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        290⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        289⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        288⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        287⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        286⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        285⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        284⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        283⤵
        
        PID:1964
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        284⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2560
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp78D5.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp78D5.tmp.bat
        284⤵
        
        PID:1280
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1964"
        285⤵
        Enumerates processes with tasklist
        
        PID:3192
        
        C:\Windows\system32\find.exe
        
        find ":"
        285⤵
        
        PID:3156
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        285⤵
        Delays execution with timeout.exe
        
        PID:1600
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        285⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        282⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        281⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        280⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        279⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        278⤵
        
        PID:3260
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        279⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        277⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        276⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        275⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        274⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        273⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        272⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        271⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        270⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        269⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        268⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        267⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        266⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        265⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        264⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        263⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        262⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        261⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        260⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        259⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        258⤵
        
        PID:2460
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        259⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3548
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp70E5.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp70E5.tmp.bat
        259⤵
        
        PID:2888
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 2460"
        260⤵
        Enumerates processes with tasklist
        
        PID:1076
        
        C:\Windows\system32\find.exe
        
        find ":"
        260⤵
        
        PID:4920
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        260⤵
        Delays execution with timeout.exe
        
        PID:3620
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        260⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        257⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        256⤵
        
        PID:4020
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        257⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        255⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        254⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        253⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        252⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        251⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        250⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        249⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        248⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        247⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        246⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        245⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        244⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        243⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        242⤵
        
        PID:2188
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        243⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4048
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp6433.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp6433.tmp.bat
        243⤵
        
        PID:4700
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 2188"
        244⤵
        Enumerates processes with tasklist
        
        PID:3496
        
        C:\Windows\system32\find.exe
        
        find ":"
        244⤵
        
        PID:1056
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        244⤵
        Delays execution with timeout.exe
        
        PID:3492
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        244⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        241⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        240⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        239⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        238⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        237⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        236⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        235⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        234⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        233⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        232⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        231⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        230⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        229⤵
        
        PID:3576
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        230⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1020
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp5BD7.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp5BD7.tmp.bat
        230⤵
        
        PID:2056
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3576"
        231⤵
        Enumerates processes with tasklist
        
        PID:3672
        
        C:\Windows\system32\find.exe
        
        find ":"
        231⤵
        
        PID:2788
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        231⤵
        Delays execution with timeout.exe
        
        PID:1600
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        231⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        228⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        227⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        226⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        225⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        224⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        223⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        222⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        221⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        220⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        219⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        218⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        217⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        216⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        215⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        214⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        213⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        212⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        211⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        210⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        209⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        208⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        207⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        206⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        205⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        204⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        203⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        202⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        201⤵
        
        PID:1860
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        202⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:792
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp5445.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp5445.tmp.bat
        202⤵
        
        PID:4628
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1860"
        203⤵
        Enumerates processes with tasklist
        
        PID:2332
        
        C:\Windows\system32\find.exe
        
        find ":"
        203⤵
        
        PID:1268
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        203⤵
        Delays execution with timeout.exe
        
        PID:3308
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        203⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        200⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        199⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        198⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        197⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        196⤵
        
        PID:2092
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        197⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        195⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        194⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        193⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        192⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        191⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        190⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        189⤵
        
        PID:2968
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        190⤵
        
        PID:4028
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        190⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1568
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        191⤵
        
        PID:2240
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp461C.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp461C.tmp.bat
        190⤵
        
        PID:2380
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 2968"
        191⤵
        Enumerates processes with tasklist
        
        PID:4632
        
        C:\Windows\system32\find.exe
        
        find ":"
        191⤵
        
        PID:1672
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        191⤵
        Delays execution with timeout.exe
        
        PID:4372
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        191⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        188⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        187⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        186⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        185⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        184⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        183⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        182⤵
        
        PID:3044
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        183⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2640
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3F56.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3F56.tmp.bat
        183⤵
        
        PID:2744
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3044"
        184⤵
        Enumerates processes with tasklist
        
        PID:3576
        
        C:\Windows\system32\find.exe
        
        find ":"
        184⤵
        
        PID:4536
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        184⤵
        
        PID:3436
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        184⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        181⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        180⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        179⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        178⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        177⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        176⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        175⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        174⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        173⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        172⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        171⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        170⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        169⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        168⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        167⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        166⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        165⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        164⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        163⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        162⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        161⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        160⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        159⤵
        
        PID:1684
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        160⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1000
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3BDB.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3BDB.tmp.bat
        160⤵
        
        PID:1144
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1684"
        161⤵
        Enumerates processes with tasklist
        
        PID:2152
        
        C:\Windows\system32\find.exe
        
        find ":"
        161⤵
        
        PID:4352
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        161⤵
        Delays execution with timeout.exe
        
        PID:4052
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        161⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        158⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        157⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        156⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        155⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        154⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        153⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        152⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        151⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        150⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        149⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        148⤵
        
        PID:424
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        149⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        147⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        146⤵
        
        PID:3252
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        147⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5108
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp2FB6.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp2FB6.tmp.bat
        147⤵
        
        PID:240
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3252"
        148⤵
        Enumerates processes with tasklist
        
        PID:2076
        
        C:\Windows\system32\find.exe
        
        find ":"
        148⤵
        
        PID:3588
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        148⤵
        Delays execution with timeout.exe
        
        PID:4168
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        148⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        145⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        144⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        143⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        142⤵
        
        PID:2304
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        143⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        141⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        140⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        139⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        138⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        137⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        136⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        135⤵
        
        PID:3368
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        136⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        134⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        133⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        132⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        131⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        130⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        129⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        128⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        127⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        126⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        125⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        124⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        123⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        122⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        121⤵
        
        PID:1124
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        122⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3156
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp292E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp292E.tmp.bat
        122⤵
        
        PID:4592
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1124"
        123⤵
        Enumerates processes with tasklist
        
        PID:1324
        
        C:\Windows\system32\find.exe
        
        find ":"
        123⤵
        
        PID:3028
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        123⤵
        Delays execution with timeout.exe
        
        PID:1268
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        123⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        120⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        119⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        118⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        117⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        116⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        115⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        114⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        113⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        112⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        111⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        110⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        109⤵
        
        PID:2856
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        110⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        108⤵
        
        PID:4308
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        109⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        107⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        106⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        105⤵
        
        PID:2404
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        106⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        104⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        103⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        102⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        101⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        100⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        99⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        98⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        97⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        96⤵
        
        PID:784
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        97⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3484
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp1CBA.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp1CBA.tmp.bat
        97⤵
        
        PID:4252
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 784"
        98⤵
        Enumerates processes with tasklist
        
        PID:660
        
        C:\Windows\system32\find.exe
        
        find ":"
        98⤵
        
        PID:2428
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        98⤵
        Delays execution with timeout.exe
        
        PID:248
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        98⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        95⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        94⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        93⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        92⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        91⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        90⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        89⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        88⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        87⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        86⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        85⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        84⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        83⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        82⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        81⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        80⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        79⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        78⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        77⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        76⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        75⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4028
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        76⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2188
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpF4D.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpF4D.tmp.bat
        76⤵
        
        PID:1892
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 4028"
        77⤵
        
        PID:2280
        
        C:\Windows\system32\find.exe
        
        find ":"
        77⤵
        
        PID:3076
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        77⤵
        Delays execution with timeout.exe
        
        PID:1568
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        77⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        74⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        73⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        72⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        71⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        70⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        69⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        68⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        67⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        66⤵
        
        PID:3588
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        67⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        65⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        64⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        63⤵
        Executes dropped EXE
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        62⤵
        Executes dropped EXE
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        61⤵
        Executes dropped EXE
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        60⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        59⤵
        Executes dropped EXE
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        58⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        57⤵
        Executes dropped EXE
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        56⤵
        Executes dropped EXE
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        55⤵
        Executes dropped EXE
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        54⤵
        Executes dropped EXE
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        53⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        52⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        51⤵
        Executes dropped EXE
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        50⤵
        Executes dropped EXE
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        49⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:648
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        50⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4868
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3F3.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3F3.tmp.bat
        50⤵
        
        PID:1048
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 648"
        51⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3824
        
        C:\Windows\system32\find.exe
        
        find ":"
        51⤵
        
        PID:3168
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        51⤵
        Delays execution with timeout.exe
        
        PID:2472
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        51⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        48⤵
        Executes dropped EXE
        
        PID:2788
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        49⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        47⤵
        Executes dropped EXE
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        46⤵
        Executes dropped EXE
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        45⤵
        Executes dropped EXE
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        44⤵
        Executes dropped EXE
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        43⤵
        Executes dropped EXE
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        42⤵
        Executes dropped EXE
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        41⤵
        Executes dropped EXE
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        40⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        39⤵
        Executes dropped EXE
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        38⤵
        Executes dropped EXE
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        37⤵
        Executes dropped EXE
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        36⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        35⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        34⤵
        Executes dropped EXE
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        33⤵
        Executes dropped EXE
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        32⤵
        Executes dropped EXE
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        31⤵
        Executes dropped EXE
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3340
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        31⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2384
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpF6E3.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpF6E3.tmp.bat
        31⤵
        
        PID:4288
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3340"
        32⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4672
        
        C:\Windows\system32\find.exe
        
        find ":"
        32⤵
        
        PID:4860
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        32⤵
        Delays execution with timeout.exe
        
        PID:4944
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        32⤵
        Executes dropped EXE
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        29⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        28⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        27⤵
        Executes dropped EXE
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        26⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        25⤵
        Executes dropped EXE
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        24⤵
        Executes dropped EXE
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        23⤵
        Executes dropped EXE
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        22⤵
        Executes dropped EXE
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        21⤵
        Executes dropped EXE
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        20⤵
        Executes dropped EXE
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        19⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        18⤵
        Executes dropped EXE
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        17⤵
        Executes dropped EXE
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        16⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        15⤵
        Executes dropped EXE
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        14⤵
        Executes dropped EXE
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        13⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        12⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        11⤵
        Executes dropped EXE
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        10⤵
        Executes dropped EXE
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        9⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        8⤵
        Executes dropped EXE
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        7⤵
        Executes dropped EXE
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        6⤵
        Executes dropped EXE
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        5⤵
        Executes dropped EXE
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
      "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
      4⤵
      Executes dropped EXE
      PID:2668
- - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
    "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
    3⤵
    - Executes dropped EXE
    PID:2560
- C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
  "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2432
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3480
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpEBF6.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpEBF6.tmp.bat
    3⤵
    PID:788
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 2432"
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2108
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:4748
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      PID:2788
  - - C:\Users\ToxicEye\rat.exe
      "rat.exe"
      4⤵
      Executes dropped EXE
      PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\STUB DO NOT RUN THISS.EXE.log

Filesize
660B

MD5
284393596fdd49bebd7b861bf339b82d

SHA1
a36767dfc423b3c7fd3ff439b616862743a053c8

SHA256
0e692bcbba51ca4e766a427c9f28a7a4a9e326d2cf835493e57a9dc2121326b5

SHA512
8d3247ee0c3bf9a9fceea23eb5c646dbd8b3d954f4d62622f49070629e642d6a13bfb0d27949e2355c081d45f5a1101f05a9972782a0f0a478ed90f551d2efeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE

Filesize
111KB

MD5
86de4e40528fd099ae01872b6af837cf

SHA1
c616d8e3dc5643a15127dce69a327ce37a6b8ab8

SHA256
7485b221926010f27cda7f15f35a5c465558eb8c20b4fc37053850ed2b4a211a

SHA512
e9912f89c17ff6e7cd897d3256a2a4cd097090dcfee2a8dd85d98de0e618513efe8d3508cca5cbeb2711f27b4602c22cadd25f8eb1b417e7244da54a5db3a4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEBF6.tmp.bat

Filesize
198B

MD5
ea4a3cd3a5e6dc0ac4b4035b1c7b2c93

SHA1
c8850da4dd2b17dc0e1f972f863088d7fdf7a453

SHA256
f1094d8bda36238d5e74348490cfc0118041d1310019db5dd38878e813ef3283

SHA512
0170c4443923b3809fabbd82bb1ab8212fc20a0c8497718809f893edfe854e89e3c246951668942715ff8ebc55d0ebbe21233020e20bb3570431c1f2505fb2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF6E3.tmp.bat

Filesize
198B

MD5
ecfc1f6c24fe8c063030f427a56867ee

SHA1
306935e7b35b96d1a471ebb581f9f87da3802e86

SHA256
a9ff9ff7dacb52e3da22189619bd45cbcf78cce5380f37ba2db9f566dff3544b

SHA512
67c7814891e917ee8bb2782aa3f157dad24a6d9e82766327e9ae599d5e1b1003d6440d3c83aa851fcddf9763abb1ad810ace2938c49e7e3e3353fc78f4b4213e

Download Submit
memory/2432-11-0x00007FFB15013000-0x00007FFB15015000-memory.dmp

Filesize
8KB

Download
memory/2432-12-0x0000023A504F0000-0x0000023A50512000-memory.dmp

Filesize
136KB

Download
memory/2432-14-0x00007FFB15010000-0x00007FFB15AD2000-memory.dmp

Filesize
10.8MB

Download
memory/2432-46-0x00007FFB15010000-0x00007FFB15AD2000-memory.dmp

Filesize
10.8MB

Download
memory/4796-100-0x00000218A3DD0000-0x00000218A3E46000-memory.dmp

Filesize
472KB

Download
memory/4796-99-0x00000218A3CA0000-0x00000218A3D4A000-memory.dmp

Filesize
680KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads