modiloader | 56a27d4fe9918b316ef49d625ab0b671376c50d5c5220cc76a3f5be08e970a0b

Analysis

max time kernel
5s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe
Size

1.8MB
MD5

da36cac19bc6154d19eff33dfa68d7f6
SHA1

88087003e03b7b3a0805cc698a81044b40c99610
SHA256

56a27d4fe9918b316ef49d625ab0b671376c50d5c5220cc76a3f5be08e970a0b
SHA512

73f7666792fe4b1f0bc65ec1cd5e084fd3bb1515384907625fd94d3ff44f4098c65b51b19ab23ba07b472e87a8df73a29809a2f3f66d1f5321851f12f3ca3f12
SSDEEP

24576:YverFiJoEIGw5/F8aar8JTOANhTa7TL0w4W+xZPdpADCUIzM+iRJqTVYd/pG8vGI:1o8F8IKITD3PA+KETw/ruCj

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 7 IoCs

resource	yara_rule
behavioral2/files/0x00090000000233f6-5.dat	modiloader_stage2
behavioral2/memory/4968-41-0x0000000049240000-0x000000004940C000-memory.dmp	modiloader_stage2
behavioral2/memory/2740-57-0x0000000049240000-0x000000004940C000-memory.dmp	modiloader_stage2
behavioral2/memory/4804-113-0x0000000049240000-0x000000004940C000-memory.dmp	modiloader_stage2
behavioral2/memory/4884-116-0x0000000049240000-0x000000004940C000-memory.dmp	modiloader_stage2
behavioral2/memory/1900-122-0x0000000049240000-0x000000004940C000-memory.dmp	modiloader_stage2
behavioral2/memory/4516-136-0x0000000049240000-0x000000004940C000-memory.dmp	modiloader_stage2

Checks computer location settings 2 TTPs 17 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	gliderdeploy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	GLIDERDEPLOY.EXE

Executes dropped EXE 35 IoCs

pid	Process
4968	gliderdeploy.exe
2740	GLIDERDEPLOY.EXE
4136	SERVER.EXE
4804	GLIDERDEPLOY.EXE
4808	SERVER.EXE
4884	GLIDERDEPLOY.EXE
2320	SERVER.EXE
4516	GLIDERDEPLOY.EXE
2224	SERVER.EXE
1900	GLIDERDEPLOY.EXE
2012	SERVER.EXE
1980	GLIDERDEPLOY.EXE
2412	SERVER.EXE
3196	GLIDERDEPLOY.EXE
3100	SERVER.EXE
4564	GLIDERDEPLOY.EXE
3320	SERVER.EXE
1052	GLIDERDEPLOY.EXE
636	SERVER.EXE
3712	GLIDERDEPLOY.EXE
1504	SERVER.EXE
4916	GLIDERDEPLOY.EXE
3236	SERVER.EXE
3500	GLIDERDEPLOY.EXE
4168	SERVER.EXE
3056	GLIDERDEPLOY.EXE
4808	SERVER.EXE
4104	GLIDERDEPLOY.EXE
3144	SERVER.EXE
3604	GLIDERDEPLOY.EXE
4292	SERVER.EXE
1292	GLIDERDEPLOY.EXE
3100	SERVER.EXE
1044	GLIDERDEPLOY.EXE
1420	SERVER.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	gliderdeploy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GLIDERDEPLOY.EXE

Modifies registry class 25 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	gliderdeploy.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	GLIDERDEPLOY.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4136	SERVER.EXE
4136	SERVER.EXE
4136	SERVER.EXE
4136	SERVER.EXE
4808	SERVER.EXE
4808	SERVER.EXE
4808	SERVER.EXE
4808	SERVER.EXE
2320	SERVER.EXE
2320	SERVER.EXE
2320	SERVER.EXE
2320	SERVER.EXE
2224	SERVER.EXE
2224	SERVER.EXE
2224	SERVER.EXE
2224	SERVER.EXE
2012	SERVER.EXE
2012	SERVER.EXE
2012	SERVER.EXE
2012	SERVER.EXE
2412	SERVER.EXE
2412	SERVER.EXE
2412	SERVER.EXE
2412	SERVER.EXE
3100	SERVER.EXE
3100	SERVER.EXE
3100	SERVER.EXE
3100	SERVER.EXE
3320	SERVER.EXE
3320	SERVER.EXE
3320	SERVER.EXE
3320	SERVER.EXE
636	SERVER.EXE
636	SERVER.EXE
636	SERVER.EXE
636	SERVER.EXE
1504	SERVER.EXE
1504	SERVER.EXE
1504	SERVER.EXE
1504	SERVER.EXE
3236	SERVER.EXE
3236	SERVER.EXE
3236	SERVER.EXE
3236	SERVER.EXE
4168	SERVER.EXE
4168	SERVER.EXE
4168	SERVER.EXE
4168	SERVER.EXE
4808	SERVER.EXE
4808	SERVER.EXE
4808	SERVER.EXE
4808	SERVER.EXE
3144	SERVER.EXE
3144	SERVER.EXE
3144	SERVER.EXE
3144	SERVER.EXE
4292	SERVER.EXE
4292	SERVER.EXE
4292	SERVER.EXE
4292	SERVER.EXE
3100	SERVER.EXE
3100	SERVER.EXE
3100	SERVER.EXE
3100	SERVER.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4912	da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe
4520	OpenWith.exe
3060	OpenWith.exe
4412	OpenWith.exe
1468	OpenWith.exe
2948	OpenWith.exe
3312	OpenWith.exe
2276	OpenWith.exe
2464	OpenWith.exe
2736	OpenWith.exe
2528	OpenWith.exe
60	OpenWith.exe
4372	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4968	4912	da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe	86
PID 4912 wrote to memory of 4968	4912	da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe	86
PID 4912 wrote to memory of 4968	4912	da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe	86
PID 4968 wrote to memory of 2740	4968	gliderdeploy.exe	87
PID 4968 wrote to memory of 2740	4968	gliderdeploy.exe	87
PID 4968 wrote to memory of 2740	4968	gliderdeploy.exe	87
PID 4968 wrote to memory of 4136	4968	gliderdeploy.exe	88
PID 4968 wrote to memory of 4136	4968	gliderdeploy.exe	88
PID 4968 wrote to memory of 4136	4968	gliderdeploy.exe	88
PID 4136 wrote to memory of 3476	4136	SERVER.EXE	56
PID 2740 wrote to memory of 4804	2740	GLIDERDEPLOY.EXE	90
PID 2740 wrote to memory of 4804	2740	GLIDERDEPLOY.EXE	90
PID 2740 wrote to memory of 4804	2740	GLIDERDEPLOY.EXE	90
PID 4136 wrote to memory of 3476	4136	SERVER.EXE	56
PID 2740 wrote to memory of 4808	2740	GLIDERDEPLOY.EXE	124
PID 2740 wrote to memory of 4808	2740	GLIDERDEPLOY.EXE	124
PID 2740 wrote to memory of 4808	2740	GLIDERDEPLOY.EXE	124
PID 4808 wrote to memory of 3476	4808	SERVER.EXE	56
PID 4136 wrote to memory of 3476	4136	SERVER.EXE	56
PID 4136 wrote to memory of 3476	4136	SERVER.EXE	56
PID 4808 wrote to memory of 3476	4808	SERVER.EXE	56
PID 4804 wrote to memory of 4884	4804	GLIDERDEPLOY.EXE	93
PID 4804 wrote to memory of 4884	4804	GLIDERDEPLOY.EXE	93
PID 4804 wrote to memory of 4884	4804	GLIDERDEPLOY.EXE	93
PID 4804 wrote to memory of 2320	4804	GLIDERDEPLOY.EXE	238
PID 4804 wrote to memory of 2320	4804	GLIDERDEPLOY.EXE	238
PID 4804 wrote to memory of 2320	4804	GLIDERDEPLOY.EXE	238
PID 4808 wrote to memory of 3476	4808	SERVER.EXE	56
PID 4136 wrote to memory of 3476	4136	SERVER.EXE	56
PID 2320 wrote to memory of 3476	2320	SERVER.EXE	56
PID 4136 wrote to memory of 3476	4136	SERVER.EXE	56
PID 4808 wrote to memory of 3476	4808	SERVER.EXE	56
PID 2320 wrote to memory of 3476	2320	SERVER.EXE	56
PID 4808 wrote to memory of 3476	4808	SERVER.EXE	56
PID 2320 wrote to memory of 3476	2320	SERVER.EXE	56
PID 4884 wrote to memory of 4516	4884	GLIDERDEPLOY.EXE	96
PID 4884 wrote to memory of 4516	4884	GLIDERDEPLOY.EXE	96
PID 4884 wrote to memory of 4516	4884	GLIDERDEPLOY.EXE	96
PID 4808 wrote to memory of 3476	4808	SERVER.EXE	56
PID 2320 wrote to memory of 3476	2320	SERVER.EXE	56
PID 4884 wrote to memory of 2224	4884	GLIDERDEPLOY.EXE	97
PID 4884 wrote to memory of 2224	4884	GLIDERDEPLOY.EXE	97
PID 4884 wrote to memory of 2224	4884	GLIDERDEPLOY.EXE	97
PID 2224 wrote to memory of 3476	2224	SERVER.EXE	56
PID 2320 wrote to memory of 3476	2320	SERVER.EXE	56
PID 2224 wrote to memory of 3476	2224	SERVER.EXE	56
PID 2320 wrote to memory of 3476	2320	SERVER.EXE	56
PID 2224 wrote to memory of 3476	2224	SERVER.EXE	56
PID 4516 wrote to memory of 1900	4516	GLIDERDEPLOY.EXE	199
PID 4516 wrote to memory of 1900	4516	GLIDERDEPLOY.EXE	199
PID 4516 wrote to memory of 1900	4516	GLIDERDEPLOY.EXE	199
PID 2224 wrote to memory of 3476	2224	SERVER.EXE	56
PID 4516 wrote to memory of 2012	4516	GLIDERDEPLOY.EXE	231
PID 4516 wrote to memory of 2012	4516	GLIDERDEPLOY.EXE	231
PID 4516 wrote to memory of 2012	4516	GLIDERDEPLOY.EXE	231
PID 2012 wrote to memory of 3476	2012	SERVER.EXE	56
PID 2224 wrote to memory of 3476	2224	SERVER.EXE	56
PID 2224 wrote to memory of 3476	2224	SERVER.EXE	56
PID 2012 wrote to memory of 3476	2012	SERVER.EXE	56
PID 2012 wrote to memory of 3476	2012	SERVER.EXE	56
PID 1900 wrote to memory of 1980	1900	GLIDERDEPLOY.EXE	264
PID 1900 wrote to memory of 1980	1900	GLIDERDEPLOY.EXE	264
PID 1900 wrote to memory of 1980	1900	GLIDERDEPLOY.EXE	264
PID 2012 wrote to memory of 3476	2012	SERVER.EXE	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3476
- C:\Users\Admin\AppData\Local\Temp\da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\da36cac19bc6154d19eff33dfa68d7f6_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4912
- - C:\Users\Admin\AppData\Local\Temp\gliderdeploy.exe
    C:\Users\Admin\AppData\Local\Temp\\gliderdeploy.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
      "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        21⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        22⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        23⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        24⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        25⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        26⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        27⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        28⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        29⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        30⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        31⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        32⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        33⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        34⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        35⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        36⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        37⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        38⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        39⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        40⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        41⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        42⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        43⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        44⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        45⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        46⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        47⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        48⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        49⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        50⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        51⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        52⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        53⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        54⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        55⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        56⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        57⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        58⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        59⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        60⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        61⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        62⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        63⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        64⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        65⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        66⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        67⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        68⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        69⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        70⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        71⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        72⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        73⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        74⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        75⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        76⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        77⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        78⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        79⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        80⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        81⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        82⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        83⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        84⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        85⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        86⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        87⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        88⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        89⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        90⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        91⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        92⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        93⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        94⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        95⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        96⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        97⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        98⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        99⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        100⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        101⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        102⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        103⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        104⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        105⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        106⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        107⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        108⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        109⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        110⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        111⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        112⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        113⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        114⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        115⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        116⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        117⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        118⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        119⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        120⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        121⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        122⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        123⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        124⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        125⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        126⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        127⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        128⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        129⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        130⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        131⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        132⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        133⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        134⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        135⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        136⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        137⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        138⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        139⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        140⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        141⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        142⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        143⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        144⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        145⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        146⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        147⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        148⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        149⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        150⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        151⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        152⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        153⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        154⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        155⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        156⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        157⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        158⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        159⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        160⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        161⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        162⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        163⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        164⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        165⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        166⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        167⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        168⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        169⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        170⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        171⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        172⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        173⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        174⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        175⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        176⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        177⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        178⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        179⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        180⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        181⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        182⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        183⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        184⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        185⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        186⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        187⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        188⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        189⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        190⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        191⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        192⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        193⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        194⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        195⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        196⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        197⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        198⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        199⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        200⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        201⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        202⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        203⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        204⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        205⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        206⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        207⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        208⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        209⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        210⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        211⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        212⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        213⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        214⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        215⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        216⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        217⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        218⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        219⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        220⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        221⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        222⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        223⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        224⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        225⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        226⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        227⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        228⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        229⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        230⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        231⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        232⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        233⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        234⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        235⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        236⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        237⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        238⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        239⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        240⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        241⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        242⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        243⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        244⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        245⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        246⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        247⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        248⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        249⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        250⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        251⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        252⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        253⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        254⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        255⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        256⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        257⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        258⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        259⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        260⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        261⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        262⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        263⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        264⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        265⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        266⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        267⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        268⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        269⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        270⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        271⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        272⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        273⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        274⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        275⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        276⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        277⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        278⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        279⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        280⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        281⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        282⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        283⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        284⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        285⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        286⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        287⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        288⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        289⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        290⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        291⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        292⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        293⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        294⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        295⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        296⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        297⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        298⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        299⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        300⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        301⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        302⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        303⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        304⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        305⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        306⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        307⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        308⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        309⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        310⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        311⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        312⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        313⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        314⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        315⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        316⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        317⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        318⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        319⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        320⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        321⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        322⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        323⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        324⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        325⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        326⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        327⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        328⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        329⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        330⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        331⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        332⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        333⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        334⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        335⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        336⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        337⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        338⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        339⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        340⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        341⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        342⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        343⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\GLIDERDEPLOY.EXE"
        344⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        343⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        342⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        341⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        340⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        339⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        338⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        337⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        336⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        335⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        334⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        333⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        332⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        331⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        330⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        329⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        328⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        327⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        326⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        325⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        324⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        323⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        322⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        321⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        320⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        319⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        318⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        317⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        316⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        315⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        314⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        313⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        312⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        311⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        310⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        309⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        308⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        307⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        306⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        305⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        304⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        303⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        302⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        301⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        300⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        299⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        298⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        297⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        296⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        295⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        294⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        293⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        292⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        291⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        290⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        289⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        288⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        287⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        286⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        285⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        284⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        283⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        282⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        281⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        280⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        279⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        278⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        277⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        276⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        275⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        274⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        273⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        272⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        271⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        270⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        269⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        268⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        267⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        266⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        265⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        264⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        263⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        262⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        261⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        260⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        259⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        258⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        257⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        256⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        255⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        254⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        253⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        252⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        251⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        250⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        249⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        248⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        247⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        246⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        245⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        244⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        243⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        242⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        241⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        240⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        239⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        238⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        237⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        236⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        235⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        234⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        233⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        232⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        231⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        230⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        229⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        228⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        227⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        226⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        225⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        224⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        223⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        222⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        221⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        220⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        219⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        218⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        217⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        216⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        215⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        214⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        213⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        212⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        211⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        210⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        209⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        208⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        207⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        206⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        205⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        204⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        203⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        202⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        201⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        200⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        199⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        198⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        197⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        196⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        195⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        194⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        193⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        192⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        191⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        190⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        189⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        188⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        187⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        186⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        185⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        184⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        183⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        182⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        181⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        180⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        179⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        178⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        177⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        176⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        175⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        174⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        173⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        172⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        171⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        170⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        169⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        168⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        167⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        166⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        165⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        164⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        163⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        162⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        161⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        160⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        159⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        158⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        157⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        156⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        155⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        154⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        153⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        152⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        151⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        150⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        149⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        148⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        147⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        146⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        145⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        144⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        143⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        142⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        141⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        140⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        139⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        138⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        137⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        136⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        135⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        134⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        133⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        132⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        131⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        130⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        129⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        128⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        127⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        126⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        125⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        124⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        123⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        122⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        121⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        120⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        119⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        118⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        117⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        116⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        115⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        114⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        113⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        112⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        111⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        110⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        109⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        108⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        107⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        106⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        105⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        104⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        103⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        102⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        101⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        100⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        99⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        98⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        97⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        96⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        95⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        94⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        93⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        92⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        91⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        90⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        89⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        88⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        87⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        86⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        85⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        84⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        83⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        82⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        81⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        80⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        79⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        78⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        77⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        76⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        75⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        74⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        73⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        72⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        71⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        70⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        69⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        68⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        67⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        66⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        65⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        64⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        63⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        62⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        61⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        60⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        59⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        58⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        57⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        56⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        55⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        54⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        53⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        52⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        51⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        50⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        49⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        48⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        47⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        46⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        45⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        44⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        43⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        42⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        41⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        40⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        39⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        38⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        37⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        36⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        35⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        34⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        33⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        32⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        31⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        30⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        29⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        28⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        27⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        26⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        25⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        24⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        23⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        22⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        21⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        20⤵
        Executes dropped EXE
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        19⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        18⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        17⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        16⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        15⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        14⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        13⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        12⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        11⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        10⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        9⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:60

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2836

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4364

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4896

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3944

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1564

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4592

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2596

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4120

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4396

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3856

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1292

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1524

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4676

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4364

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2120

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1644

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3524

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1088

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4896

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3696

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2380

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2356

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2220

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5052

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4404

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4628

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3220

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1332

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1692

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2412

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2528

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5056

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1692

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4308

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1152

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5052

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1644

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3696

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:396

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SERVER.EXE

Filesize
50KB

MD5
6b60479c101b2057bee082deb3ba93f3

SHA1
aa46de0703639e30d65259ac7a79b116afdc40fe

SHA256
eff34f42faee5c5e524f668e8e9a89823fd5426cc3cb73f52daf5c444e5baf37

SHA512
37ed7a0556dbcbbbf1b48a17f44711c411c841d6089e59797510a35a20fc900ebf2c7ff66c63fd3a55c26652fb35f8b35d5a213cfda596e537541231938e0273

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETTINGS

Filesize
5B

MD5
6bf04f14e80003fc41d259c1bd03e020

SHA1
fc3d4642b2b914d099878501c7d6be9090944514

SHA256
4bb5730ff2b704ad75c060e9d610880d20ffd3d906039a4822ce80a4cad3c498

SHA512
ef663417e50d429c0da5f95766bfbe0d85ea526fef0af33974977909adb194ff093019c45b409f8641d53c8d4daf9ae900154d214072959ad2193bda27e33ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\gliderdeploy.exe

Filesize
1.8MB

MD5
982c6b28f54ae21246cd475446966a6d

SHA1
46e63fad84a643faa5ab4447f4bbf6b76fedaca1

SHA256
9aa31e35ec0f1391c25e4c950b5139924add75218cc52017c32ef52eba3a8617

SHA512
ae5e71f78016e4b282a2d36aede1d9771c213dee8f0485aa259a1ac2991ffd8002512349051cee0f10ee8e74a5de2d0c9e642d0640f01b9b1b6da6689b1af905

Download Submit
C:\Users\Admin\AppData\Roaming\addon.dat

Filesize
21KB

MD5
963d21dfffcd109d7b48d99abbdd5211

SHA1
08c20cd72f2cf8b45a69a3b6ebfea21a25fcfd23

SHA256
63351e12c49d59aa7a7d88698843f9575fdad830bc644a3c886a28f459cad129

SHA512
1885c186cc2a866a280f3875560c3ce98e93f6587aaec6cd527049ee0440be02e6ce9b89ce4b3728d66b7cfab6398cca72636fc68a66e2948c690f346b9403bd

Download Submit
memory/216-659-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/552-1078-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/888-5425-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/916-1141-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1012-934-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1012-749-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1036-1119-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1416-1333-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1420-286-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1492-1713-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1504-163-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1572-308-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1576-1819-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1688-483-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1760-735-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1900-122-0x0000000049240000-0x000000004940C000-memory.dmp

Filesize
1.8MB

Download
memory/1984-1380-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2012-341-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2012-83-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2224-65-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2320-45-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2412-99-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2468-467-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2484-364-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2504-420-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2516-2470-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2600-1425-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2644-584-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2652-2338-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2740-57-0x0000000049240000-0x000000004940C000-memory.dmp

Filesize
1.8MB

Download
memory/2792-685-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2840-2074-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2884-1938-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2984-559-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3052-320-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3100-142-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3144-233-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3164-672-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3200-1625-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3236-2492-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3236-183-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3412-723-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3476-20-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3476-32-0x000000007FFB0000-0x000000007FFB6000-memory.dmp

Filesize
24KB

Download
memory/3500-1322-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3664-768-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3864-803-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3908-5244-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3920-2569-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3920-611-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3988-5376-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4052-536-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4068-1833-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4084-1018-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4112-295-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4136-53-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4136-16-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4136-21-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/4220-2242-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4240-436-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4392-1107-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4516-136-0x0000000049240000-0x000000004940C000-memory.dmp

Filesize
1.8MB

Download
memory/4576-1637-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4612-458-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4640-896-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4684-2156-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4688-644-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4804-113-0x0000000049240000-0x000000004940C000-memory.dmp

Filesize
1.8MB

Download
memory/4808-30-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4808-239-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4884-116-0x0000000049240000-0x000000004940C000-memory.dmp

Filesize
1.8MB

Download
memory/4916-976-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4940-499-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4968-41-0x0000000049240000-0x000000004940C000-memory.dmp

Filesize
1.8MB

Download
memory/5004-395-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download