xworm | 83b5438b0b9aebf778440dcb77eb52b0231133487bdb3b372a91523505ab63c2

Analysis

max time kernel
44s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/11/2024, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SAM CHEAT bypass.exe
Size

762KB
MD5

5dde6a5017cbb35cf1710069cf9be274
SHA1

a2bb6090abf23364d36210c6fc8ac2c28f8234d2
SHA256

83b5438b0b9aebf778440dcb77eb52b0231133487bdb3b372a91523505ab63c2
SHA512

c7584c7feb4a90feb330a4c0a7e13ca1e785bea150873f30d61f420d6c917e9cd24f69fcb9acf2fe5b8aa1218abb6ea6f0ca1e76d01a8c70bcf95dffe279031b
SSDEEP

12288:5MsLc8V26+8XwREFqAgkRnQWTCoA8JmxfBdEAMjAaDvxCxRc:5MsAT89FDL6oLmhYDjXD4Rc

Score

10^/10

xworm discovery execution persistence rat trojan

Malware Config

Extracted

Family

xworm

147.185.221.23:58112

Attributes

Install_directory
%AppData%
install_file
Realtek HD Audio Universal Service.exe

Extracted

Family

xworm

Version

5.0

147.185.221.20:65300

Mutex

RMe1pa1UgjNcB2Un

Attributes

Install_directory
%AppData%
install_file
Windows Shell Experience Host.exe

aes.plain

Signatures

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral2/files/0x000d000000023b88-5.dat	family_xworm
behavioral2/files/0x0009000000023c7d-15.dat	family_xworm
behavioral2/memory/1116-23-0x00000000008A0000-0x00000000008B4000-memory.dmp	family_xworm
behavioral2/memory/4936-24-0x0000000000830000-0x000000000084A000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3796	powershell.exe
1320	powershell.exe
1084	powershell.exe
1448	powershell.exe
2116	powershell.exe
2248	powershell.exe
2016	powershell.exe
1836	powershell.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	SAM CHEAT bypass.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Shell Experience Host.lnk	Windows Shell Experience Host.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Shell Experience Host.lnk	Windows Shell Experience Host.exe

Executes dropped EXE 64 IoCs

pid	Process
1116	Realtek HD Audio Universal Service.exe
4936	Windows Shell Experience Host.exe
2368	Realtek HD Audio Universal Service.exe
2112	Windows Shell Experience Host.exe
4824	Realtek HD Audio Universal Service.exe
1976	Windows Shell Experience Host.exe
3472	Realtek HD Audio Universal Service.exe
4332	Windows Shell Experience Host.exe
5084	Realtek HD Audio Universal Service.exe
4032	Windows Shell Experience Host.exe
3604	Realtek HD Audio Universal Service.exe
1172	Windows Shell Experience Host.exe
5032	Realtek HD Audio Universal Service.exe
5112	Windows Shell Experience Host.exe
4428	Realtek HD Audio Universal Service.exe
116	Windows Shell Experience Host.exe
1560	Realtek HD Audio Universal Service.exe
5056	Windows Shell Experience Host.exe
2352	Realtek HD Audio Universal Service.exe
2916	Windows Shell Experience Host.exe
2580	Realtek HD Audio Universal Service.exe
8	Windows Shell Experience Host.exe
2992	Realtek HD Audio Universal Service.exe
4888	Windows Shell Experience Host.exe
5064	Realtek HD Audio Universal Service.exe
4296	Windows Shell Experience Host.exe
3492	Realtek HD Audio Universal Service.exe
720	Windows Shell Experience Host.exe
3400	Realtek HD Audio Universal Service.exe
1568	Windows Shell Experience Host.exe
3812	Realtek HD Audio Universal Service.exe
1932	Windows Shell Experience Host.exe
3752	Realtek HD Audio Universal Service.exe
928	Windows Shell Experience Host.exe
4216	Realtek HD Audio Universal Service.exe
4840	Windows Shell Experience Host.exe
952	Realtek HD Audio Universal Service.exe
3940	Windows Shell Experience Host.exe
2204	Realtek HD Audio Universal Service.exe
1428	Windows Shell Experience Host.exe
4272	Realtek HD Audio Universal Service.exe
4320	Windows Shell Experience Host.exe
2432	Realtek HD Audio Universal Service.exe
2244	Windows Shell Experience Host.exe
4536	Realtek HD Audio Universal Service.exe
948	Windows Shell Experience Host.exe
4632	Realtek HD Audio Universal Service.exe
1756	Windows Shell Experience Host.exe
4304	Realtek HD Audio Universal Service.exe
2852	Windows Shell Experience Host.exe
2696	Realtek HD Audio Universal Service.exe
2652	Windows Shell Experience Host.exe
2608	Realtek HD Audio Universal Service.exe
3084	Windows Shell Experience Host.exe
516	Realtek HD Audio Universal Service.exe
4716	Windows Shell Experience Host.exe
3008	Realtek HD Audio Universal Service.exe
3388	Windows Shell Experience Host.exe
1712	Realtek HD Audio Universal Service.exe
1020	Windows Shell Experience Host.exe
3384	Realtek HD Audio Universal Service.exe
4412	Windows Shell Experience Host.exe
2620	Realtek HD Audio Universal Service.exe
3924	Windows Shell Experience Host.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Realtek HD Audio Universal Service = "C:\\Users\\Admin\\AppData\\Roaming\\Realtek HD Audio Universal Service.exe"	Realtek HD Audio Universal Service.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Shell Experience Host = "C:\\Users\\Admin\\AppData\\Roaming\\Windows Shell Experience Host.exe"	Windows Shell Experience Host.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SAM CHEAT bypass.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1836	powershell.exe
1836	powershell.exe
3796	powershell.exe
3796	powershell.exe
3796	powershell.exe
1836	powershell.exe
1320	powershell.exe
1320	powershell.exe
1320	powershell.exe
1084	powershell.exe
1084	powershell.exe
1084	powershell.exe
1448	powershell.exe
1448	powershell.exe
1448	powershell.exe
2116	powershell.exe
2116	powershell.exe
2116	powershell.exe
2248	powershell.exe
2248	powershell.exe
2016	powershell.exe
2016	powershell.exe
2248	powershell.exe
2016	powershell.exe
1116	Realtek HD Audio Universal Service.exe
1116	Realtek HD Audio Universal Service.exe
4936	Windows Shell Experience Host.exe
4936	Windows Shell Experience Host.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1116	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4936	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	2368	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	2112	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	1976	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	4824	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	3472	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4332	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	5084	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4032	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	3604	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	1172	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	5032	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	5112	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	4428	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	116	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	1560	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	5056	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	2352	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	2916	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	2580	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	8	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	4888	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	2992	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	5064	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4296	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	720	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	3492	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	3400	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	1568	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	3812	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	1932	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	928	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	3752	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4216	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4840	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	952	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	3940	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	2204	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	1428	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	4272	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4320	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	1836	powershell.exe
Token: SeDebugPrivilege	2432	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	2244	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	3796	powershell.exe
Token: SeDebugPrivilege	4536	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	948	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	4632	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	1756	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	2852	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	4304	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	2696	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	1320	powershell.exe
Token: SeDebugPrivilege	2652	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	1084	powershell.exe
Token: SeDebugPrivilege	2608	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	3084	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	516	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	4716	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	3008	Realtek HD Audio Universal Service.exe
Token: SeDebugPrivilege	3388	Windows Shell Experience Host.exe
Token: SeDebugPrivilege	1448	powershell.exe
Token: SeDebugPrivilege	1712	Realtek HD Audio Universal Service.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1116	Realtek HD Audio Universal Service.exe
4936	Windows Shell Experience Host.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 1116	4740	SAM CHEAT bypass.exe	84
PID 4740 wrote to memory of 1116	4740	SAM CHEAT bypass.exe	84
PID 4740 wrote to memory of 4936	4740	SAM CHEAT bypass.exe	85
PID 4740 wrote to memory of 4936	4740	SAM CHEAT bypass.exe	85
PID 4740 wrote to memory of 4940	4740	SAM CHEAT bypass.exe	86
PID 4740 wrote to memory of 4940	4740	SAM CHEAT bypass.exe	86
PID 4740 wrote to memory of 4940	4740	SAM CHEAT bypass.exe	86
PID 4940 wrote to memory of 2368	4940	SAM CHEAT bypass.exe	87
PID 4940 wrote to memory of 2368	4940	SAM CHEAT bypass.exe	87
PID 4940 wrote to memory of 2112	4940	SAM CHEAT bypass.exe	88
PID 4940 wrote to memory of 2112	4940	SAM CHEAT bypass.exe	88
PID 4940 wrote to memory of 1632	4940	SAM CHEAT bypass.exe	134
PID 4940 wrote to memory of 1632	4940	SAM CHEAT bypass.exe	134
PID 4940 wrote to memory of 1632	4940	SAM CHEAT bypass.exe	134
PID 1632 wrote to memory of 4824	1632	SAM CHEAT bypass.exe	90
PID 1632 wrote to memory of 4824	1632	SAM CHEAT bypass.exe	90
PID 1632 wrote to memory of 1976	1632	SAM CHEAT bypass.exe	91
PID 1632 wrote to memory of 1976	1632	SAM CHEAT bypass.exe	91
PID 1632 wrote to memory of 700	1632	SAM CHEAT bypass.exe	92
PID 1632 wrote to memory of 700	1632	SAM CHEAT bypass.exe	92
PID 1632 wrote to memory of 700	1632	SAM CHEAT bypass.exe	92
PID 700 wrote to memory of 3472	700	SAM CHEAT bypass.exe	93
PID 700 wrote to memory of 3472	700	SAM CHEAT bypass.exe	93
PID 700 wrote to memory of 4332	700	SAM CHEAT bypass.exe	94
PID 700 wrote to memory of 4332	700	SAM CHEAT bypass.exe	94
PID 700 wrote to memory of 212	700	SAM CHEAT bypass.exe	153
PID 700 wrote to memory of 212	700	SAM CHEAT bypass.exe	153
PID 700 wrote to memory of 212	700	SAM CHEAT bypass.exe	153
PID 212 wrote to memory of 5084	212	SAM CHEAT bypass.exe	245
PID 212 wrote to memory of 5084	212	SAM CHEAT bypass.exe	245
PID 212 wrote to memory of 4032	212	SAM CHEAT bypass.exe	98
PID 212 wrote to memory of 4032	212	SAM CHEAT bypass.exe	98
PID 212 wrote to memory of 1992	212	SAM CHEAT bypass.exe	196
PID 212 wrote to memory of 1992	212	SAM CHEAT bypass.exe	196
PID 212 wrote to memory of 1992	212	SAM CHEAT bypass.exe	196
PID 1992 wrote to memory of 3604	1992	SAM CHEAT bypass.exe	100
PID 1992 wrote to memory of 3604	1992	SAM CHEAT bypass.exe	100
PID 1992 wrote to memory of 1172	1992	SAM CHEAT bypass.exe	101
PID 1992 wrote to memory of 1172	1992	SAM CHEAT bypass.exe	101
PID 1992 wrote to memory of 456	1992	SAM CHEAT bypass.exe	102
PID 1992 wrote to memory of 456	1992	SAM CHEAT bypass.exe	102
PID 1992 wrote to memory of 456	1992	SAM CHEAT bypass.exe	102
PID 456 wrote to memory of 5032	456	SAM CHEAT bypass.exe	103
PID 456 wrote to memory of 5032	456	SAM CHEAT bypass.exe	103
PID 456 wrote to memory of 5112	456	SAM CHEAT bypass.exe	104
PID 456 wrote to memory of 5112	456	SAM CHEAT bypass.exe	104
PID 456 wrote to memory of 3516	456	SAM CHEAT bypass.exe	105
PID 456 wrote to memory of 3516	456	SAM CHEAT bypass.exe	105
PID 456 wrote to memory of 3516	456	SAM CHEAT bypass.exe	105
PID 3516 wrote to memory of 4428	3516	SAM CHEAT bypass.exe	106
PID 3516 wrote to memory of 4428	3516	SAM CHEAT bypass.exe	106
PID 3516 wrote to memory of 116	3516	SAM CHEAT bypass.exe	107
PID 3516 wrote to memory of 116	3516	SAM CHEAT bypass.exe	107
PID 3516 wrote to memory of 3452	3516	SAM CHEAT bypass.exe	108
PID 3516 wrote to memory of 3452	3516	SAM CHEAT bypass.exe	108
PID 3516 wrote to memory of 3452	3516	SAM CHEAT bypass.exe	108
PID 3452 wrote to memory of 1560	3452	SAM CHEAT bypass.exe	285
PID 3452 wrote to memory of 1560	3452	SAM CHEAT bypass.exe	285
PID 3452 wrote to memory of 5056	3452	SAM CHEAT bypass.exe	333
PID 3452 wrote to memory of 5056	3452	SAM CHEAT bypass.exe	333
PID 3452 wrote to memory of 336	3452	SAM CHEAT bypass.exe	111
PID 3452 wrote to memory of 336	3452	SAM CHEAT bypass.exe	111
PID 3452 wrote to memory of 336	3452	SAM CHEAT bypass.exe	111
PID 336 wrote to memory of 2352	336	SAM CHEAT bypass.exe	214

C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
"C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
  "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1836
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Realtek HD Audio Universal Service.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1084
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Realtek HD Audio Universal Service.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2116
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Realtek HD Audio Universal Service.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
- C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4936
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3796
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:212
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Shell Experience Host.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1320
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Windows Shell Experience Host.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1448
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Shell Experience Host.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2248
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1992
- C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
  "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
    "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
    "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
      "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
      "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
      "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        11⤵
        Checks computer location settings
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        12⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        13⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        14⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        15⤵
        Checks computer location settings
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        16⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        18⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        19⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        20⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        21⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        22⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        23⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        24⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        25⤵
        Checks computer location settings
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        26⤵
        Checks computer location settings
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        27⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        28⤵
        Checks computer location settings
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        29⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        30⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        31⤵
        Executes dropped EXE
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        31⤵
        Checks computer location settings
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        32⤵
        Executes dropped EXE
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        32⤵
        Executes dropped EXE
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        32⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        33⤵
        Executes dropped EXE
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        33⤵
        Executes dropped EXE
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        34⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        34⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        34⤵
        Checks computer location settings
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        35⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        35⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        35⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        36⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        36⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        36⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        37⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        37⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        37⤵
        Checks computer location settings
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        38⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        38⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        38⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        39⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        39⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        39⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        40⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        40⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        40⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        41⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        41⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        41⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        42⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        42⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        42⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        43⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        43⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        44⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        44⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        44⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        45⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        45⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        45⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        46⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        46⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        46⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        47⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        47⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        47⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        48⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        48⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        48⤵
        Checks computer location settings
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        49⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        49⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        49⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        50⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        50⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        50⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        51⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        51⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        52⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        52⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        52⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        53⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        53⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        53⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        54⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        54⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        54⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        55⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        55⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        55⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        56⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        56⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        56⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        57⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        57⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        58⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        58⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        59⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        59⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        59⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        60⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        60⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        60⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        61⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        61⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        61⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        62⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        62⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        62⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        63⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        63⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        63⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        64⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        64⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        64⤵
        Checks computer location settings
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        65⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        65⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        65⤵
        Checks computer location settings
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        66⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        66⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        66⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        67⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        67⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        67⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        68⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        68⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        68⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        69⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        69⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        70⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        70⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        70⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        71⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        71⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        71⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        72⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        72⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        72⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        73⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        73⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        73⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        74⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        74⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        75⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        75⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        75⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        76⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        76⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        76⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        77⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        77⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        78⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        78⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        79⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        79⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        79⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        80⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        80⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        80⤵
        Checks computer location settings
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        81⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        81⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        81⤵
        Checks computer location settings
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        82⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        82⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        82⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        83⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        83⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        83⤵
        Checks computer location settings
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        84⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        84⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        84⤵
        Checks computer location settings
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        85⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        85⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        85⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        86⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        86⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        87⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        87⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        87⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        88⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        88⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        89⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        89⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        89⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        90⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        90⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        90⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        91⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        91⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        91⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        92⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        92⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        92⤵
        Checks computer location settings
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        93⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        93⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        94⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        94⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        94⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        95⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        95⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        95⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        96⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        96⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        96⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        97⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        97⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        97⤵
        Checks computer location settings
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        98⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        98⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        98⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        99⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        99⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        99⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        100⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        100⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        100⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        101⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        101⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        101⤵
        Checks computer location settings
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        102⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        102⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        103⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        103⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        103⤵
        Checks computer location settings
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        104⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        104⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        105⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        105⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        105⤵
        Checks computer location settings
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        106⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        106⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        106⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        107⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        107⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        107⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        108⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        108⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        108⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        109⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        109⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        110⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        110⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        110⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        111⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        111⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        111⤵
        Checks computer location settings
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        112⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        112⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        112⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        113⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        113⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        113⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        114⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        114⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        114⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        115⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        115⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        115⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        116⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        116⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        116⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        117⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        117⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        117⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        118⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        118⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        118⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        119⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        119⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        119⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        120⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        120⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        120⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        121⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        121⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        121⤵
        Checks computer location settings
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        122⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        122⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        122⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        123⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        123⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        123⤵
        Checks computer location settings
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        124⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        124⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        124⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        125⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        125⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        125⤵
        Checks computer location settings
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        126⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        126⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        126⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        127⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        127⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        128⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        128⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        128⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        129⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        129⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        129⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        130⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        130⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        130⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        131⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        131⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        131⤵
        System Location Discovery: System Language Discovery
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        132⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        132⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        132⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        133⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        133⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        133⤵
        Checks computer location settings
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        134⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        134⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        134⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        135⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        135⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        135⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        136⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        136⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        137⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        137⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        137⤵
        Checks computer location settings
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        138⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        138⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        139⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        139⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        139⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        140⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        140⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        140⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        141⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        141⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        141⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        142⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        142⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        142⤵
        Checks computer location settings
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        143⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        143⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        143⤵
        Checks computer location settings
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        144⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        144⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        145⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        145⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        145⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        146⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        146⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        146⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        147⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        147⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        147⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        148⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        148⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        149⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        149⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        149⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        150⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        150⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        151⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        151⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        151⤵
        Checks computer location settings
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        152⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        152⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        152⤵
        Checks computer location settings
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        153⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        153⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        153⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        154⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        154⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        154⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        155⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        155⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        155⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        156⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        156⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        156⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        157⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        157⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        158⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        158⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        158⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        159⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        159⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        159⤵
        Checks computer location settings
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        160⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        160⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        160⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        161⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        161⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        161⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        162⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        162⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        162⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        163⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        163⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        163⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        164⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        164⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        164⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        165⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        165⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        165⤵
        Checks computer location settings
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        166⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        166⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        166⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        167⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        167⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        167⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        168⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        168⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        168⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        169⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        169⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        169⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        170⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        170⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        170⤵
        Checks computer location settings
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        171⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        171⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        171⤵
        Checks computer location settings
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        172⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        172⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        172⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        173⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        173⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        173⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        174⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        174⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        174⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        175⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        175⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        175⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        176⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        176⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        176⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        177⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        177⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        177⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        178⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        178⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        178⤵
        Checks computer location settings
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        179⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        179⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        179⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        180⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        180⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        180⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        181⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        181⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        181⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        182⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        182⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        182⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        183⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        183⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        183⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        184⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        184⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        185⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        185⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        185⤵
        Checks computer location settings
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        186⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        186⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        186⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        187⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        187⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        187⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        188⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        188⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        188⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        189⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        189⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        189⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        190⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        190⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        190⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        191⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        191⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        192⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        192⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        192⤵
        Checks computer location settings
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        193⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        193⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        194⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        194⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        194⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        195⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        195⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        195⤵
        Checks computer location settings
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        196⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        196⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        196⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        197⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        197⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        197⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        198⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        198⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        198⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        199⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        199⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        199⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        200⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        200⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        200⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        201⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        201⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        202⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        202⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        202⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        203⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        203⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        203⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        204⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        204⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        205⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        205⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        205⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        206⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        206⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        206⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        207⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        207⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        207⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        208⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        208⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        208⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        209⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        209⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        209⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        210⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        210⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        210⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        211⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        211⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        211⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        212⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        212⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        212⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        213⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        213⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        213⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        214⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        214⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        214⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        215⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        215⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        215⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        216⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        216⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        216⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        217⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        217⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        217⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        218⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        218⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        218⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        219⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        219⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        219⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        220⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        220⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        220⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        221⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        221⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        221⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        222⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        222⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        222⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        223⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        223⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        223⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        224⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        224⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        224⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        225⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        225⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        225⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        226⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        226⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        226⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        227⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        227⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        227⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        228⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        228⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        228⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        229⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        229⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        229⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        230⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        230⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        230⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        231⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        231⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        231⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        232⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        232⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        232⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        233⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        233⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        233⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        234⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        234⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        234⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        235⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        235⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        235⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        236⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        236⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        236⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        237⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        237⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        237⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        238⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        238⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        238⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        239⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        239⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        239⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        240⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        240⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        240⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        241⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        241⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        241⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        242⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        242⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        242⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        243⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        243⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        243⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        244⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        244⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        244⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        245⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        245⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        245⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        246⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        246⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        246⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        247⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        247⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        247⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        248⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        248⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        248⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        249⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        249⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        249⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        250⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        250⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        250⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        251⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        251⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        251⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        252⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        252⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        252⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        253⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        253⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        253⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        254⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        254⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        254⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        255⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        255⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        255⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        256⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        256⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        256⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        257⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        257⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        257⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        258⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        258⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        258⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        259⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        259⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        259⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        260⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        260⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        260⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        261⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        261⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        261⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        262⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        262⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        262⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        263⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        263⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        263⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        264⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        264⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        264⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        265⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        265⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        265⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        266⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        266⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        266⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        267⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        267⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        267⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        268⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        268⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        268⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        269⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        269⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        269⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        270⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        270⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        270⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        271⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        271⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        271⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        272⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        272⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        272⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        273⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        273⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        273⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        274⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        274⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        274⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        275⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        275⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        275⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        276⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        276⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        276⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        277⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        277⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        277⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        278⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        278⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        278⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        279⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        279⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        279⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        280⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        280⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        280⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        281⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        281⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        281⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        282⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        282⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        282⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        283⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        283⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        283⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        284⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        284⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        284⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        285⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        285⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        285⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        286⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        286⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        286⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        287⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        287⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        287⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        288⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        288⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        288⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        289⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        289⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        289⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        290⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        290⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        290⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        291⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        291⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        291⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        292⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        292⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        292⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        293⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        293⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        293⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        294⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        294⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        294⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        295⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        295⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        295⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        296⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        296⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        296⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        297⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        297⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        297⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        298⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        298⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        298⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        299⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        299⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        299⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        300⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        300⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        300⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        301⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        301⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        301⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        302⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        302⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        302⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        303⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        303⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        303⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        304⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        304⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        304⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        305⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        305⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        305⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        306⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        306⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        306⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        307⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        307⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        307⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        308⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        308⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        308⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        309⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        309⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        309⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        310⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        310⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        310⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        311⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        311⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        311⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        312⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        312⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        312⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        313⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        313⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        313⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        314⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        314⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        314⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        315⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        315⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        315⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        316⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        316⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        316⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        317⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        317⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        317⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        318⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        318⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        318⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        319⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        319⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        319⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        320⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        320⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        320⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        321⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        321⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        321⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        322⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        322⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        322⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        323⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        323⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        323⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        324⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        324⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        324⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        325⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        325⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        325⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        326⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        326⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        326⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        327⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        327⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        327⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        328⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        328⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        328⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        329⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        329⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        329⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        330⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        330⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        330⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        331⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        331⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        331⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        332⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        332⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        332⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        333⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        333⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        333⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        334⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        334⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        334⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        335⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        335⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        335⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        336⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        336⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        336⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        337⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe"
        337⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe
        
        "C:\Users\Admin\AppData\Local\Temp\SAM CHEAT bypass.exe"
        337⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe"
        338⤵
        
        PID:5080

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:1632

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:1496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:5084

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Realtek HD Audio Universal Service.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
62623d22bd9e037191765d5083ce16a3

SHA1
4a07da6872672f715a4780513d95ed8ddeefd259

SHA256
95d79fd575bbd21540e378fcbc1cd00d16f51af62ce15bae7080bb72c24e2010

SHA512
9a448b7a0d867466c2ea04ab84d2a9485d5fd20ab53b2b854f491831ee3f1d781b94d2635f7b0b35cb9f2d373cd52c67570879a56a42ed66bc9db06962ed4992

Download Submit
C:\Users\Admin\AppData\Local\Temp\Realtek HD Audio Universal Service.exe

Filesize
53KB

MD5
ce3e5f8613ea049b651549eba3e3aa28

SHA1
1197375be314ae5a69f3b742f0f539b881aca09a

SHA256
9385116a4a3874548ffa027f4cd448d860ef8dc13fc687ce87790a01ede8e73a

SHA512
ab1428177b5ec71447003ac01f5f99d9c7f2af634f17ef53d6f6be196714faac856b0bc3f62b6fad9975dad970ec247d35f56615c62b9ad483426f4ecaae71c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Windows Shell Experience Host.exe

Filesize
86KB

MD5
17f122079462e212871a1e2eb20eaff9

SHA1
349e4b54323acce835916a2bbe40dc9c5d30931f

SHA256
f483197df60b8767d23fa820efaab0c6bcc3a4b02ebee3c8f1290ef699f6697e

SHA512
95548cb30e9e45c4024be181253200d2188b622754158f6268fa09e41327dbb8468399a1b5ddd9d868413638bf1b9b18f6814586530f2c6a0a6cbd6311234e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_idzrfkuf.bly.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1116-19-0x00007FFB76133000-0x00007FFB76135000-memory.dmp

Filesize
8KB

Download
memory/1116-23-0x00000000008A0000-0x00000000008B4000-memory.dmp

Filesize
80KB

Download
memory/1116-181-0x00007FFB76130000-0x00007FFB76BF1000-memory.dmp

Filesize
10.8MB

Download
memory/1116-56-0x00007FFB76130000-0x00007FFB76BF1000-memory.dmp

Filesize
10.8MB

Download
memory/1836-105-0x0000021CEB810000-0x0000021CEBA2C000-memory.dmp

Filesize
2.1MB

Download
memory/1836-82-0x0000021CEBD00000-0x0000021CEBD22000-memory.dmp

Filesize
136KB

Download
memory/2016-174-0x000001E77A8F0000-0x000001E77AB0C000-memory.dmp

Filesize
2.1MB

Download
memory/2248-172-0x000002B17A1A0000-0x000002B17A3BC000-memory.dmp

Filesize
2.1MB

Download
memory/3796-98-0x0000027FDDDB0000-0x0000027FDDFCC000-memory.dmp

Filesize
2.1MB

Download
memory/4936-25-0x00007FFB76130000-0x00007FFB76BF1000-memory.dmp

Filesize
10.8MB

Download
memory/4936-180-0x00007FFB76130000-0x00007FFB76BF1000-memory.dmp

Filesize
10.8MB

Download
memory/4936-24-0x0000000000830000-0x000000000084A000-memory.dmp

Filesize
104KB

Download