toxiceye | 9d6024dfb9f60054eb1316eb33bf8cbc5c802d9e477a9603db5e1ed585e556f8

General

Target

BootstrapperV1.16.exe
Size

381KB
MD5

12d943d0d655d4d54b91d175c3e46e02
SHA1

9b115a4874f3da04e29315e09e50a2d61b826de8
SHA256

9d6024dfb9f60054eb1316eb33bf8cbc5c802d9e477a9603db5e1ed585e556f8
SHA512

1746222789c3f480f9364f3dd654f41be5ed3d520a58f5cd69e0cd08a8d59b81a796c6ac3e6603db493f3d5a48bc748280e19cfd48f4925f7fc38b16b9e38640
SSDEEP

6144:mSncRleSncRlFSncRl0snwou0bUrCsnwou0bUr:r4p4O4Dnwou5vnwou5

Score

10^/10

toxiceye discovery rat trojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7302074945:AAGKx5TnjPyRM_fqN4XQLd4uz-PUp4nl8w4/sendMessage?chat_id=6414125020

Signatures

ToxicEye
ToxicEye is a trojan written in C#.
rat trojan toxiceye

Executes dropped EXE 64 IoCs

Processes:

STUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXErat.exeSTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXErat.exeSTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXE

pid	process
2432	STUB DO NOT RUN THISS.EXE
2560	STUB DO NOT RUN THISS.EXE
2668	STUB DO NOT RUN THISS.EXE
920	STUB DO NOT RUN THISS.EXE
3104	STUB DO NOT RUN THISS.EXE
2344	STUB DO NOT RUN THISS.EXE
4744	STUB DO NOT RUN THISS.EXE
2420	STUB DO NOT RUN THISS.EXE
3100	STUB DO NOT RUN THISS.EXE
4540	STUB DO NOT RUN THISS.EXE
1956	STUB DO NOT RUN THISS.EXE
2424	STUB DO NOT RUN THISS.EXE
784	STUB DO NOT RUN THISS.EXE
4444	STUB DO NOT RUN THISS.EXE
2624	STUB DO NOT RUN THISS.EXE
3176	STUB DO NOT RUN THISS.EXE
3984	STUB DO NOT RUN THISS.EXE
1568	STUB DO NOT RUN THISS.EXE
4108	STUB DO NOT RUN THISS.EXE
3448	STUB DO NOT RUN THISS.EXE
3596	STUB DO NOT RUN THISS.EXE
4860	STUB DO NOT RUN THISS.EXE
4872	STUB DO NOT RUN THISS.EXE
3544	STUB DO NOT RUN THISS.EXE
2768	STUB DO NOT RUN THISS.EXE
4836	STUB DO NOT RUN THISS.EXE
2240	STUB DO NOT RUN THISS.EXE
2388	STUB DO NOT RUN THISS.EXE
3340	STUB DO NOT RUN THISS.EXE
4888	STUB DO NOT RUN THISS.EXE
4048	STUB DO NOT RUN THISS.EXE
4372	STUB DO NOT RUN THISS.EXE
4108	STUB DO NOT RUN THISS.EXE
2288	STUB DO NOT RUN THISS.EXE
1660	rat.exe
1152	STUB DO NOT RUN THISS.EXE
3604	STUB DO NOT RUN THISS.EXE
240	STUB DO NOT RUN THISS.EXE
1020	STUB DO NOT RUN THISS.EXE
2164	STUB DO NOT RUN THISS.EXE
1316	STUB DO NOT RUN THISS.EXE
3744	STUB DO NOT RUN THISS.EXE
3480	STUB DO NOT RUN THISS.EXE
3944	STUB DO NOT RUN THISS.EXE
4648	STUB DO NOT RUN THISS.EXE
1808	STUB DO NOT RUN THISS.EXE
4392	STUB DO NOT RUN THISS.EXE
2788	STUB DO NOT RUN THISS.EXE
648	STUB DO NOT RUN THISS.EXE
4656	STUB DO NOT RUN THISS.EXE
3576	STUB DO NOT RUN THISS.EXE
772	STUB DO NOT RUN THISS.EXE
1956	STUB DO NOT RUN THISS.EXE
2224	STUB DO NOT RUN THISS.EXE
3460	STUB DO NOT RUN THISS.EXE
440	STUB DO NOT RUN THISS.EXE
488	STUB DO NOT RUN THISS.EXE
1608	STUB DO NOT RUN THISS.EXE
4920	rat.exe
1944	STUB DO NOT RUN THISS.EXE
2252	STUB DO NOT RUN THISS.EXE
420	STUB DO NOT RUN THISS.EXE
2876	STUB DO NOT RUN THISS.EXE
3844	STUB DO NOT RUN THISS.EXE

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exetasklist.exe

pid	process
4700
4236
4952
2100
2928
2332	tasklist.exe
3672	tasklist.exe
5072
2980
1324	tasklist.exe
2060
1528
1808
412
488
2876
1076	tasklist.exe
3956
2564
2336
2368
4604
1924
560
4160
4996
2152	tasklist.exe
4632	tasklist.exe
3168	tasklist.exe
2108	tasklist.exe
4672	tasklist.exe
4384
2100
4360
3696
4964
2388	tasklist.exe
4596
1208
2564
3480
2448
3820
3044
3824	tasklist.exe
1152
4172
4392
1600
4252
3100
3192	tasklist.exe
4900
4768
2076	tasklist.exe
3496	tasklist.exe
1384	tasklist.exe
1208
2512
660	tasklist.exe
3576	tasklist.exe
1340
4236
2368

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

BOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBootstrapperV1.16.exeBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BootstrapperV1.16.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BOOTSTRAPPERV1.16.EXE

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
1268	timeout.exe
1164
4676
4316
2176
4348
2912
4168	timeout.exe
4168
4040
2588
4908
1568	timeout.exe
2640
860
2592
3576
4636
3492	timeout.exe
4440
4632
3184
2864
1976
3324
3308	timeout.exe
2624
1784
4932
4052	timeout.exe
1600	timeout.exe
784	timeout.exe
1164
3620	timeout.exe
1600	timeout.exe
4656
2300
2556
3516
4372	timeout.exe
244
836
4892
2244
5108	timeout.exe
4468
4672
3060
2624
2472	timeout.exe
3176
2904
2876
2488
4820
4944	timeout.exe
2160	timeout.exe
3060
2252
1460
4768
248	timeout.exe
3180
4564

Scheduled Task/Job: Scheduled Task 1 TTPs 64 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid	process
780	schtasks.exe
1456
4196
2148
3480
3484	schtasks.exe
892
4876
4956
1616
1000	schtasks.exe
1568	schtasks.exe
3508
488
2300
2060
3556
2252
916
4596
4180
1492
1480
4984
2160
3556
4196
2384	schtasks.exe
3156	schtasks.exe
1020	schtasks.exe
4596
1076
436
1440
4868	schtasks.exe
2640	schtasks.exe
3548	schtasks.exe
576
944
4980
1332
2448	schtasks.exe
3024
1876
3652
2244
4380
4224
2284
780
4824
4048	schtasks.exe
3480	schtasks.exe
2188	schtasks.exe
5108	schtasks.exe
792	schtasks.exe
3448
2560	schtasks.exe
4672
420
4576	schtasks.exe
3904	schtasks.exe
2100
2572

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

STUB DO NOT RUN THISS.EXESTUB DO NOT RUN THISS.EXEtasklist.exeSTUB DO NOT RUN THISS.EXEtasklist.exeSTUB DO NOT RUN THISS.EXEtasklist.exe

description	pid	process
Token: SeDebugPrivilege	2432	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	3340	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	2108	tasklist.exe
Token: SeDebugPrivilege	648	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	4672	tasklist.exe
Token: SeDebugPrivilege	4028	STUB DO NOT RUN THISS.EXE
Token: SeDebugPrivilege	3824	tasklist.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BootstrapperV1.16.exeBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXEBOOTSTRAPPERV1.16.EXE

description	pid	process	target process
PID 4920 wrote to memory of 4620	4920	BootstrapperV1.16.exe	BOOTSTRAPPERV1.16.EXE
PID 4920 wrote to memory of 4620	4920	BootstrapperV1.16.exe	BOOTSTRAPPERV1.16.EXE
PID 4920 wrote to memory of 4620	4920	BootstrapperV1.16.exe	BOOTSTRAPPERV1.16.EXE
PID 4920 wrote to memory of 2432	4920	BootstrapperV1.16.exe	STUB DO NOT RUN THISS.EXE
PID 4920 wrote to memory of 2432	4920	BootstrapperV1.16.exe	STUB DO NOT RUN THISS.EXE
PID 4620 wrote to memory of 2564	4620	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 4620 wrote to memory of 2564	4620	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 4620 wrote to memory of 2564	4620	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 4620 wrote to memory of 2560	4620	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 4620 wrote to memory of 2560	4620	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 2564 wrote to memory of 2196	2564	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2564 wrote to memory of 2196	2564	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2564 wrote to memory of 2196	2564	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2564 wrote to memory of 2668	2564	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2564 wrote to memory of 2668	2564	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2196 wrote to memory of 1000	2196	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2196 wrote to memory of 1000	2196	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2196 wrote to memory of 1000	2196	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2196 wrote to memory of 920	2196	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 2196 wrote to memory of 920	2196	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 1000 wrote to memory of 3556	1000	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 1000 wrote to memory of 3556	1000	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 1000 wrote to memory of 3556	1000	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 1000 wrote to memory of 3104	1000	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1000 wrote to memory of 3104	1000	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 3556 wrote to memory of 1464	3556	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 3556 wrote to memory of 1464	3556	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 3556 wrote to memory of 1464	3556	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 3556 wrote to memory of 2344	3556	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 3556 wrote to memory of 2344	3556	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1464 wrote to memory of 2912	1464	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1464 wrote to memory of 2912	1464	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1464 wrote to memory of 2912	1464	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1464 wrote to memory of 4744	1464	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1464 wrote to memory of 4744	1464	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 2912 wrote to memory of 3436	2912	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2912 wrote to memory of 3436	2912	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2912 wrote to memory of 3436	2912	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 2912 wrote to memory of 2420	2912	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 2912 wrote to memory of 2420	2912	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 3436 wrote to memory of 780	3436	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 3436 wrote to memory of 780	3436	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 3436 wrote to memory of 780	3436	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 3436 wrote to memory of 3100	3436	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 3436 wrote to memory of 3100	3436	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 780 wrote to memory of 236	780	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 780 wrote to memory of 236	780	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 780 wrote to memory of 236	780	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 780 wrote to memory of 4540	780	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 780 wrote to memory of 4540	780	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 236 wrote to memory of 1456	236	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 236 wrote to memory of 1456	236	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 236 wrote to memory of 1456	236	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 236 wrote to memory of 1956	236	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 236 wrote to memory of 1956	236	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1456 wrote to memory of 2008	1456	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 1456 wrote to memory of 2008	1456	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 1456 wrote to memory of 2008	1456	BOOTSTRAPPERV1.16.EXE	BOOTSTRAPPERV1.16.EXE
PID 1456 wrote to memory of 2424	1456	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 1456 wrote to memory of 2424	1456	BOOTSTRAPPERV1.16.EXE	STUB DO NOT RUN THISS.EXE
PID 2008 wrote to memory of 3260	2008	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 2008 wrote to memory of 3260	2008	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 2008 wrote to memory of 3260	2008	BOOTSTRAPPERV1.16.EXE	Conhost.exe
PID 2008 wrote to memory of 784	2008	BOOTSTRAPPERV1.16.EXE	Conhost.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.16.exe
"C:\Users\Admin\AppData\Local\Temp\BootstrapperV1.16.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
  "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4620
- - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
    "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
      "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        11⤵
        Suspicious use of WriteProcessMemory
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        12⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        13⤵
        Suspicious use of WriteProcessMemory
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        15⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        17⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        21⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        27⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        33⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        34⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        36⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        40⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        42⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        43⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        44⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        45⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        48⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        53⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        54⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        55⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        60⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        61⤵
        System Location Discovery: System Language Discovery
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        63⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        67⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        68⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        69⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        75⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        82⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        87⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        89⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        91⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        92⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        93⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        94⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        95⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        96⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        97⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        98⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        99⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        100⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        101⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        102⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        103⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        104⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        105⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        106⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        107⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        108⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        109⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        110⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        111⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        112⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        113⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        114⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        115⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        116⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        117⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        118⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        119⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        120⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        121⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        122⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        123⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        124⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        125⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        126⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        127⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        128⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        129⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        130⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        131⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        132⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        133⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        134⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        135⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        136⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        137⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        138⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        139⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        140⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        141⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        142⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        143⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        144⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        145⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        146⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        147⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        148⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        149⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        150⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        151⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        152⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        153⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        154⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        155⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        156⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        157⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        158⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        159⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        160⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        161⤵
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        162⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        163⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        164⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        165⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        166⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        167⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        168⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        169⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        170⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        171⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        172⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        173⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        174⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        175⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        176⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        177⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        178⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        179⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        180⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        181⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        182⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        183⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        184⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        185⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        186⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        187⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        188⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        189⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        190⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        191⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        192⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        193⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        194⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        195⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        196⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        197⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        198⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        199⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        200⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        201⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        202⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        203⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        204⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        205⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        206⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        207⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        208⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        209⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        210⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        211⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        212⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        213⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        214⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        215⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        216⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        217⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        218⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        219⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        220⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        221⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        222⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        223⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        224⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        225⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        226⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        227⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        228⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        229⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        230⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        231⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        232⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        233⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        234⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        235⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        236⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        237⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        238⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        239⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        240⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        241⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        242⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        243⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        244⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        245⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        246⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        247⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        248⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        249⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        250⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        251⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        252⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        253⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        254⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        255⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        256⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        257⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        258⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        259⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        260⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        261⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        262⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        263⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        264⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        265⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        266⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        267⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        268⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        269⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        270⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        271⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        272⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        273⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        274⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        275⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        276⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        277⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        278⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        279⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        280⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        281⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        282⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        283⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        284⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        285⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        286⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        287⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        288⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        289⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        290⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        291⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        292⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        293⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        294⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        295⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        296⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        297⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        298⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        299⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        300⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        301⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        302⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        303⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        304⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        305⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        306⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        307⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        308⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        309⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        310⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        311⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        312⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        313⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        314⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        315⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        316⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        317⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        318⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        319⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        320⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        321⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        322⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        323⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        324⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        325⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        326⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        327⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        328⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        329⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        330⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        331⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        332⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        333⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        334⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        335⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        336⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        337⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        338⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        339⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        340⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        341⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        342⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        343⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        344⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        345⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        346⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        347⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        348⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        349⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        350⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        351⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        352⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        353⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        354⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        355⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        356⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        357⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        358⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        359⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        360⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        361⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        362⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        363⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        364⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        365⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        366⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        367⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        368⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        369⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        370⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        371⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        372⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        373⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        374⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        375⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        376⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        377⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        378⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        379⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        380⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        381⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        382⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        383⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        384⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        385⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        386⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        387⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        388⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        389⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        390⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        391⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        392⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        393⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        394⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        395⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        396⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        397⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        398⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        399⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        400⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        401⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        402⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        403⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        404⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        405⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        406⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        407⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        408⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        409⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        410⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        411⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        412⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        413⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        414⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        415⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        416⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        417⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        418⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        419⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        420⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        421⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        422⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        423⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        424⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        425⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        426⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        427⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        428⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        429⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        430⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        431⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        432⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        433⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        434⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        435⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        436⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        437⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        438⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        439⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        440⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        441⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        442⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        443⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        444⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        445⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        446⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        447⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\BOOTSTRAPPERV1.16.EXE"
        448⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        447⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        446⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        445⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        444⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        443⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        442⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        441⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        440⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        439⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        438⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        437⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        436⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        435⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        434⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        433⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        432⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        431⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        430⤵
        
        PID:3132
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        431⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        429⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        428⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        427⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        426⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        425⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        424⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        423⤵
        
        PID:4612
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        424⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        422⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        421⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        420⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        419⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        418⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        417⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        416⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        415⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        414⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        413⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        412⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        411⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        410⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        409⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        408⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        407⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        406⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        405⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        404⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        403⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        402⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        401⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        400⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        399⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        398⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        397⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        396⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        395⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        394⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        393⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        392⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        391⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        390⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        389⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        388⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        387⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        386⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        385⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        384⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        383⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        382⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        381⤵
        
        PID:5080
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        382⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        380⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        379⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        378⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        377⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        376⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        375⤵
        
        PID:4632
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        376⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        374⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        373⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        372⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        371⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        370⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        369⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        368⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        367⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        366⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        365⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        364⤵
        
        PID:124
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        363⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        362⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        361⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        360⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        359⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        358⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        357⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        356⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        355⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        354⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        353⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        352⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        351⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        350⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        349⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        348⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        347⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        346⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        345⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        344⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        343⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        342⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        341⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        340⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        339⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        338⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        337⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        336⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        335⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        334⤵
        
        PID:1784
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        335⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:780
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp9093.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp9093.tmp.bat
        335⤵
        
        PID:3496
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1784"
        336⤵
        Enumerates processes with tasklist
        
        PID:2388
        
        C:\Windows\system32\find.exe
        
        find ":"
        336⤵
        
        PID:4652
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        336⤵
        Delays execution with timeout.exe
        
        PID:2160
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        336⤵
        
        PID:2764
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        337⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        333⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        332⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        331⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        330⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        329⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        328⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        327⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        326⤵
        
        PID:4492
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        327⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4576
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp89AD.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp89AD.tmp.bat
        327⤵
        
        PID:3548
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 4492"
        328⤵
        Enumerates processes with tasklist
        
        PID:1384
        
        C:\Windows\system32\find.exe
        
        find ":"
        328⤵
        
        PID:248
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        328⤵
        Delays execution with timeout.exe
        
        PID:5108
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        328⤵
        
        PID:4796
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        329⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        325⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        324⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        323⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        322⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        321⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        320⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        319⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        318⤵
        
        PID:1660
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        319⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        317⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        316⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        315⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        314⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        313⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        312⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        311⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        310⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        309⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        308⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        307⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        306⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        305⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        304⤵
        
        PID:3744
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        305⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        303⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        302⤵
        
        PID:2588
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        303⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        301⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        300⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        299⤵
        
        PID:4412
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        300⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2448
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp85C5.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp85C5.tmp.bat
        300⤵
        
        PID:2288
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 4412"
        301⤵
        Enumerates processes with tasklist
        
        PID:3168
        
        C:\Windows\system32\find.exe
        
        find ":"
        301⤵
        
        PID:4416
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        301⤵
        Delays execution with timeout.exe
        
        PID:784
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        301⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        298⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        297⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        296⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        295⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        294⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        293⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        292⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        291⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        290⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        289⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        288⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        287⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        286⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        285⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        284⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        283⤵
        
        PID:1964
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        284⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2560
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp78D5.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp78D5.tmp.bat
        284⤵
        
        PID:1280
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1964"
        285⤵
        Enumerates processes with tasklist
        
        PID:3192
        
        C:\Windows\system32\find.exe
        
        find ":"
        285⤵
        
        PID:3156
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        285⤵
        Delays execution with timeout.exe
        
        PID:1600
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        285⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        282⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        281⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        280⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        279⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        278⤵
        
        PID:3260
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        279⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        277⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        276⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        275⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        274⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        273⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        272⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        271⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        270⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        269⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        268⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        267⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        266⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        265⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        264⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        263⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        262⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        261⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        260⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        259⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        258⤵
        
        PID:2460
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        259⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3548
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp70E5.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp70E5.tmp.bat
        259⤵
        
        PID:2888
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 2460"
        260⤵
        Enumerates processes with tasklist
        
        PID:1076
        
        C:\Windows\system32\find.exe
        
        find ":"
        260⤵
        
        PID:4920
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        260⤵
        Delays execution with timeout.exe
        
        PID:3620
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        260⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        257⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        256⤵
        
        PID:4020
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        257⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        255⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        254⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        253⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        252⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        251⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        250⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        249⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        248⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        247⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        246⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        245⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        244⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        243⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        242⤵
        
        PID:2188
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        243⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4048
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp6433.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp6433.tmp.bat
        243⤵
        
        PID:4700
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 2188"
        244⤵
        Enumerates processes with tasklist
        
        PID:3496
        
        C:\Windows\system32\find.exe
        
        find ":"
        244⤵
        
        PID:1056
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        244⤵
        Delays execution with timeout.exe
        
        PID:3492
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        244⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        241⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        240⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        239⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        238⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        237⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        236⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        235⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        234⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        233⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        232⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        231⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        230⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        229⤵
        
        PID:3576
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        230⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1020
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp5BD7.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp5BD7.tmp.bat
        230⤵
        
        PID:2056
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3576"
        231⤵
        Enumerates processes with tasklist
        
        PID:3672
        
        C:\Windows\system32\find.exe
        
        find ":"
        231⤵
        
        PID:2788
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        231⤵
        Delays execution with timeout.exe
        
        PID:1600
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        231⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        228⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        227⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        226⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        225⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        224⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        223⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        222⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        221⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        220⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        219⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        218⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        217⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        216⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        215⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        214⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        213⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        212⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        211⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        210⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        209⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        208⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        207⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        206⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        205⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        204⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        203⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        202⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        201⤵
        
        PID:1860
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        202⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:792
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp5445.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp5445.tmp.bat
        202⤵
        
        PID:4628
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1860"
        203⤵
        Enumerates processes with tasklist
        
        PID:2332
        
        C:\Windows\system32\find.exe
        
        find ":"
        203⤵
        
        PID:1268
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        203⤵
        Delays execution with timeout.exe
        
        PID:3308
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        203⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        200⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        199⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        198⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        197⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        196⤵
        
        PID:2092
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        197⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        195⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        194⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        193⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        192⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        191⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        190⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        189⤵
        
        PID:2968
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        190⤵
        
        PID:4028
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        190⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1568
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        191⤵
        
        PID:2240
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp461C.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp461C.tmp.bat
        190⤵
        
        PID:2380
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 2968"
        191⤵
        Enumerates processes with tasklist
        
        PID:4632
        
        C:\Windows\system32\find.exe
        
        find ":"
        191⤵
        
        PID:1672
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        191⤵
        Delays execution with timeout.exe
        
        PID:4372
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        191⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        188⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        187⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        186⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        185⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        184⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        183⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        182⤵
        
        PID:3044
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        183⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2640
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3F56.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3F56.tmp.bat
        183⤵
        
        PID:2744
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3044"
        184⤵
        Enumerates processes with tasklist
        
        PID:3576
        
        C:\Windows\system32\find.exe
        
        find ":"
        184⤵
        
        PID:4536
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        184⤵
        
        PID:3436
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        184⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        181⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        180⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        179⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        178⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        177⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        176⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        175⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        174⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        173⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        172⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        171⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        170⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        169⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        168⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        167⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        166⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        165⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        164⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        163⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        162⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        161⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        160⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        159⤵
        
        PID:1684
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        160⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1000
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3BDB.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3BDB.tmp.bat
        160⤵
        
        PID:1144
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1684"
        161⤵
        Enumerates processes with tasklist
        
        PID:2152
        
        C:\Windows\system32\find.exe
        
        find ":"
        161⤵
        
        PID:4352
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        161⤵
        Delays execution with timeout.exe
        
        PID:4052
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        161⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        158⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        157⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        156⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        155⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        154⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        153⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        152⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        151⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        150⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        149⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        148⤵
        
        PID:424
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        149⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        147⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        146⤵
        
        PID:3252
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        147⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:5108
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp2FB6.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp2FB6.tmp.bat
        147⤵
        
        PID:240
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3252"
        148⤵
        Enumerates processes with tasklist
        
        PID:2076
        
        C:\Windows\system32\find.exe
        
        find ":"
        148⤵
        
        PID:3588
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        148⤵
        Delays execution with timeout.exe
        
        PID:4168
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        148⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        145⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        144⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        143⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        142⤵
        
        PID:2304
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        143⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        141⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        140⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        139⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        138⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        137⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        136⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        135⤵
        
        PID:3368
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        136⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        134⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        133⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        132⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        131⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        130⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        129⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        128⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        127⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        126⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        125⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        124⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        123⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        122⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        121⤵
        
        PID:1124
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        122⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3156
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp292E.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp292E.tmp.bat
        122⤵
        
        PID:4592
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 1124"
        123⤵
        Enumerates processes with tasklist
        
        PID:1324
        
        C:\Windows\system32\find.exe
        
        find ":"
        123⤵
        
        PID:3028
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        123⤵
        Delays execution with timeout.exe
        
        PID:1268
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        123⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        120⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        119⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        118⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        117⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        116⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        115⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        114⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        113⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        112⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        111⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        110⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        109⤵
        
        PID:2856
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        110⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        108⤵
        
        PID:4308
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        109⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        107⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        106⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        105⤵
        
        PID:2404
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        106⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        104⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        103⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        102⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        101⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        100⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        99⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        98⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        97⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        96⤵
        
        PID:784
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        97⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:3484
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp1CBA.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp1CBA.tmp.bat
        97⤵
        
        PID:4252
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 784"
        98⤵
        Enumerates processes with tasklist
        
        PID:660
        
        C:\Windows\system32\find.exe
        
        find ":"
        98⤵
        
        PID:2428
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        98⤵
        Delays execution with timeout.exe
        
        PID:248
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        98⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        95⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        94⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        93⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        92⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        91⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        90⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        89⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        88⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        87⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        86⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        85⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        84⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        83⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        82⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        81⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        80⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        79⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        78⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        77⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        76⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        75⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4028
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        76⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2188
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpF4D.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpF4D.tmp.bat
        76⤵
        
        PID:1892
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 4028"
        77⤵
        
        PID:2280
        
        C:\Windows\system32\find.exe
        
        find ":"
        77⤵
        
        PID:3076
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        77⤵
        Delays execution with timeout.exe
        
        PID:1568
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        77⤵
        
        PID:248
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        74⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        73⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        72⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        71⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        70⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        69⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        68⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        67⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        66⤵
        
        PID:3588
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        67⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        65⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        64⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        63⤵
        Executes dropped EXE
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        62⤵
        Executes dropped EXE
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        61⤵
        Executes dropped EXE
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        60⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        59⤵
        Executes dropped EXE
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        58⤵
        Executes dropped EXE
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        57⤵
        Executes dropped EXE
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        56⤵
        Executes dropped EXE
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        55⤵
        Executes dropped EXE
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        54⤵
        Executes dropped EXE
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        53⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        52⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        51⤵
        Executes dropped EXE
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        50⤵
        Executes dropped EXE
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        49⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:648
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        50⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4868
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp3F3.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmp3F3.tmp.bat
        50⤵
        
        PID:1048
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 648"
        51⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3824
        
        C:\Windows\system32\find.exe
        
        find ":"
        51⤵
        
        PID:3168
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        51⤵
        Delays execution with timeout.exe
        
        PID:2472
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        51⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        48⤵
        Executes dropped EXE
        
        PID:2788
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        49⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        47⤵
        Executes dropped EXE
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        46⤵
        Executes dropped EXE
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        45⤵
        Executes dropped EXE
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        44⤵
        Executes dropped EXE
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        43⤵
        Executes dropped EXE
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        42⤵
        Executes dropped EXE
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        41⤵
        Executes dropped EXE
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        40⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        39⤵
        Executes dropped EXE
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        38⤵
        Executes dropped EXE
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        37⤵
        Executes dropped EXE
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        36⤵
        Executes dropped EXE
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        35⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        34⤵
        Executes dropped EXE
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        33⤵
        Executes dropped EXE
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        32⤵
        Executes dropped EXE
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        31⤵
        Executes dropped EXE
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3340
        
        C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
        31⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2384
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpF6E3.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpF6E3.tmp.bat
        31⤵
        
        PID:4288
        
        C:\Windows\system32\tasklist.exe
        
        Tasklist /fi "PID eq 3340"
        32⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4672
        
        C:\Windows\system32\find.exe
        
        find ":"
        32⤵
        
        PID:4860
        
        C:\Windows\system32\timeout.exe
        
        Timeout /T 1 /Nobreak
        32⤵
        Delays execution with timeout.exe
        
        PID:4944
        
        C:\Users\ToxicEye\rat.exe
        
        "rat.exe"
        32⤵
        Executes dropped EXE
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        29⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        28⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        27⤵
        Executes dropped EXE
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        26⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        25⤵
        Executes dropped EXE
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        24⤵
        Executes dropped EXE
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        23⤵
        Executes dropped EXE
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        22⤵
        Executes dropped EXE
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        21⤵
        Executes dropped EXE
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        20⤵
        Executes dropped EXE
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        19⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        18⤵
        Executes dropped EXE
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        17⤵
        Executes dropped EXE
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        16⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        15⤵
        Executes dropped EXE
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        14⤵
        Executes dropped EXE
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        13⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        12⤵
        Executes dropped EXE
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        11⤵
        Executes dropped EXE
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        10⤵
        Executes dropped EXE
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        9⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        8⤵
        Executes dropped EXE
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        7⤵
        Executes dropped EXE
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        6⤵
        Executes dropped EXE
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
        5⤵
        Executes dropped EXE
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
      "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
      4⤵
      Executes dropped EXE
      PID:2668
- - C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
    "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
    3⤵
    - Executes dropped EXE
    PID:2560
- C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE
  "C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2432
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "Chrome Update" /tr "C:\Users\ToxicEye\rat.exe"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3480
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpEBF6.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpEBF6.tmp.bat
    3⤵
    PID:788
  - - C:\Windows\system32\tasklist.exe
      Tasklist /fi "PID eq 2432"
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2108
  - - C:\Windows\system32\find.exe
      find ":"
      4⤵
      PID:4748
  - - C:\Windows\system32\timeout.exe
      Timeout /T 1 /Nobreak
      4⤵
      PID:2788
  - - C:\Users\ToxicEye\rat.exe
      "rat.exe"
      4⤵
      Executes dropped EXE
      PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Scheduled Task

1

T1053.005

Persistence

Scheduled Task/Job

1

T1053

Scheduled Task

1

T1053.005

Privilege Escalation

Scheduled Task/Job

1

T1053

Scheduled Task

1

T1053.005

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\STUB DO NOT RUN THISS.EXE.log

Filesize
660B

MD5
284393596fdd49bebd7b861bf339b82d

SHA1
a36767dfc423b3c7fd3ff439b616862743a053c8

SHA256
0e692bcbba51ca4e766a427c9f28a7a4a9e326d2cf835493e57a9dc2121326b5

SHA512
8d3247ee0c3bf9a9fceea23eb5c646dbd8b3d954f4d62622f49070629e642d6a13bfb0d27949e2355c081d45f5a1101f05a9972782a0f0a478ed90f551d2efeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\STUB DO NOT RUN THISS.EXE

Filesize
111KB

MD5
86de4e40528fd099ae01872b6af837cf

SHA1
c616d8e3dc5643a15127dce69a327ce37a6b8ab8

SHA256
7485b221926010f27cda7f15f35a5c465558eb8c20b4fc37053850ed2b4a211a

SHA512
e9912f89c17ff6e7cd897d3256a2a4cd097090dcfee2a8dd85d98de0e618513efe8d3508cca5cbeb2711f27b4602c22cadd25f8eb1b417e7244da54a5db3a4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEBF6.tmp.bat

Filesize
198B

MD5
ea4a3cd3a5e6dc0ac4b4035b1c7b2c93

SHA1
c8850da4dd2b17dc0e1f972f863088d7fdf7a453

SHA256
f1094d8bda36238d5e74348490cfc0118041d1310019db5dd38878e813ef3283

SHA512
0170c4443923b3809fabbd82bb1ab8212fc20a0c8497718809f893edfe854e89e3c246951668942715ff8ebc55d0ebbe21233020e20bb3570431c1f2505fb2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF6E3.tmp.bat

Filesize
198B

MD5
ecfc1f6c24fe8c063030f427a56867ee

SHA1
306935e7b35b96d1a471ebb581f9f87da3802e86

SHA256
a9ff9ff7dacb52e3da22189619bd45cbcf78cce5380f37ba2db9f566dff3544b

SHA512
67c7814891e917ee8bb2782aa3f157dad24a6d9e82766327e9ae599d5e1b1003d6440d3c83aa851fcddf9763abb1ad810ace2938c49e7e3e3353fc78f4b4213e

Download Submit
memory/2432-11-0x00007FFB15013000-0x00007FFB15015000-memory.dmp

Filesize
8KB

Download
memory/2432-12-0x0000023A504F0000-0x0000023A50512000-memory.dmp

Filesize
136KB

Download
memory/2432-14-0x00007FFB15010000-0x00007FFB15AD2000-memory.dmp

Filesize
10.8MB

Download
memory/2432-46-0x00007FFB15010000-0x00007FFB15AD2000-memory.dmp

Filesize
10.8MB

Download
memory/4796-100-0x00000218A3DD0000-0x00000218A3E46000-memory.dmp

Filesize
472KB

Download
memory/4796-99-0x00000218A3CA0000-0x00000218A3D4A000-memory.dmp

Filesize
680KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads