410923e4a189208e753bd4d6fd554160fa66702e192066a2c4463a6ed517ac04

Analysis

max time kernel
1200s
max time network
1184s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-12-2024 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

80.7MB
MD5

ec3265280757262d51d820017fe3d788
SHA1

f635e8492f911209ee0f54502af8681d5ee46ccd
SHA256

410923e4a189208e753bd4d6fd554160fa66702e192066a2c4463a6ed517ac04
SHA512

db7aef4a7cf8eb4bc7bd56248b9acf31861e64e7f2642573ba2de7aea876ebdf379bf71c17f5d7b17922fa90d0da187f9a02174301d5f74a523e1f76b5a3b144
SSDEEP

1572864:ZpGKlgWj4smwSk8IpG7V+VPhqHJE70bli08iYgj+h58sMwrDuVZeT:ZgKi9smwSkB05awHfw025fiV

Score

10^/10

discovery evasion execution persistence spyware stealer upx

Malware Config

Signatures

Process spawned unexpected child process 2 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	7200	2812	cmd.exe	88
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	7184	2812	cmd.exe	88

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	pysilon.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	pysilon.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
1480	powershell.exe
1996	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
128	attrib.exe

Executes dropped EXE 7 IoCs

pid	Process
3296	pysilon.exe
1468	pysilon.exe
4380	ffmpeg-win64-v4.2.2.exe
1788	ffmpeg-win64-v4.2.2.exe
2108	ffmpeg-win64-v4.2.2.exe
3548	ffmpeg-win64-v4.2.2.exe
5060	ffmpeg-win64-v4.2.2.exe

Loads dropped DLL 64 IoCs

pid	Process
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Pysilon = "C:\\Users\\Admin\\pysilon\\pysilon.exe"	source_prepared.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
111	discord.com
130	raw.githubusercontent.com
157	raw.githubusercontent.com
158	discord.com
1	discord.com
2	discord.com
5	discord.com
6	discord.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002b01e-1263.dat	upx
behavioral1/memory/3688-1267-0x00007FF917890000-0x00007FF917E78000-memory.dmp	upx
behavioral1/files/0x001900000002ab40-1269.dat	upx
behavioral1/files/0x001900000002afc6-1276.dat	upx
behavioral1/memory/3688-1277-0x00007FF921260000-0x00007FF92126F000-memory.dmp	upx
behavioral1/memory/3688-1275-0x00007FF921270000-0x00007FF921294000-memory.dmp	upx
behavioral1/files/0x001900000002ab3e-1279.dat	upx
behavioral1/memory/3688-1281-0x00007FF921240000-0x00007FF921259000-memory.dmp	upx
behavioral1/files/0x001900000002ab46-1282.dat	upx
behavioral1/memory/3688-1283-0x00007FF91BD00000-0x00007FF91BD2D000-memory.dmp	upx
behavioral1/files/0x001c00000002ab45-1322.dat	upx
behavioral1/memory/3688-1323-0x00007FF920820000-0x00007FF920834000-memory.dmp	upx
behavioral1/files/0x001900000002af99-1321.dat	upx
behavioral1/memory/3688-1325-0x00007FF917510000-0x00007FF917885000-memory.dmp	upx
behavioral1/files/0x001900000002ab4c-1326.dat	upx
behavioral1/files/0x001900000002afc5-1324.dat	upx
behavioral1/memory/3688-1329-0x00007FF920670000-0x00007FF92067D000-memory.dmp	upx
behavioral1/files/0x001900000002b0a6-1328.dat	upx
behavioral1/memory/3688-1327-0x00007FF91BCE0000-0x00007FF91BCF9000-memory.dmp	upx
behavioral1/files/0x001900000002af98-1320.dat	upx
behavioral1/files/0x001900000002afcf-1332.dat	upx
behavioral1/memory/3688-1331-0x00007FF91BCB0000-0x00007FF91BCDE000-memory.dmp	upx
behavioral1/memory/3688-1333-0x00007FF917890000-0x00007FF917E78000-memory.dmp	upx
behavioral1/memory/3688-1334-0x00007FF91ACA0000-0x00007FF91AD58000-memory.dmp	upx
behavioral1/files/0x001c00000002ab4b-1335.dat	upx
behavioral1/memory/3688-1337-0x00007FF91D240000-0x00007FF91D24D000-memory.dmp	upx
behavioral1/memory/3688-1336-0x00007FF921270000-0x00007FF921294000-memory.dmp	upx
behavioral1/files/0x001900000002ab58-1330.dat	upx
behavioral1/files/0x001c00000002ab57-1318.dat	upx
behavioral1/memory/3688-1343-0x00007FF91BA20000-0x00007FF91BA47000-memory.dmp	upx
behavioral1/memory/3688-1342-0x00007FF91BCA0000-0x00007FF91BCAB000-memory.dmp	upx
behavioral1/memory/3688-1344-0x00007FF91AB80000-0x00007FF91AC9C000-memory.dmp	upx
behavioral1/memory/3688-1346-0x00007FF918030000-0x00007FF918067000-memory.dmp	upx
behavioral1/memory/3688-1345-0x00007FF920820000-0x00007FF920834000-memory.dmp	upx
behavioral1/memory/3688-1341-0x00007FF921260000-0x00007FF92126F000-memory.dmp	upx
behavioral1/files/0x001900000002afae-1340.dat	upx
behavioral1/files/0x001900000002afad-1339.dat	upx
behavioral1/files/0x001900000002ab4a-1315.dat	upx
behavioral1/files/0x001900000002ab47-1314.dat	upx
behavioral1/files/0x001900000002afce-1292.dat	upx
behavioral1/files/0x001900000002ab44-1312.dat	upx
behavioral1/files/0x001900000002ab41-1311.dat	upx
behavioral1/files/0x001c00000002ab3f-1310.dat	upx
behavioral1/files/0x001900000002ab3b-1309.dat	upx
behavioral1/files/0x001700000002b0cc-1308.dat	upx
behavioral1/memory/3688-1355-0x00007FF9180F0000-0x00007FF9180FC000-memory.dmp	upx
behavioral1/memory/3688-1367-0x00007FF91BA20000-0x00007FF91BA47000-memory.dmp	upx
behavioral1/memory/3688-1371-0x00007FF917F30000-0x00007FF917F3C000-memory.dmp	upx
behavioral1/memory/3688-1372-0x00007FF917470000-0x00007FF917485000-memory.dmp	upx
behavioral1/memory/3688-1370-0x00007FF917F40000-0x00007FF917F52000-memory.dmp	upx
behavioral1/memory/3688-1369-0x00007FF918030000-0x00007FF918067000-memory.dmp	upx
behavioral1/memory/3688-1373-0x00007FF917450000-0x00007FF917462000-memory.dmp	upx
behavioral1/memory/3688-1374-0x00007FF917430000-0x00007FF917444000-memory.dmp	upx
behavioral1/memory/3688-1376-0x00007FF9173E0000-0x00007FF9173FB000-memory.dmp	upx
behavioral1/memory/3688-1379-0x00007FF917370000-0x00007FF9173BD000-memory.dmp	upx
behavioral1/memory/3688-1380-0x00007FF917350000-0x00007FF917361000-memory.dmp	upx
behavioral1/memory/3688-1384-0x00007FF9172F0000-0x00007FF91730E000-memory.dmp	upx
behavioral1/memory/3688-1383-0x00007FF917470000-0x00007FF917485000-memory.dmp	upx
behavioral1/memory/3688-1386-0x00007FF916D70000-0x00007FF916DCD000-memory.dmp	upx
behavioral1/memory/3688-1385-0x00007FF917450000-0x00007FF917462000-memory.dmp	upx
behavioral1/memory/3688-1393-0x00007FF9173C0000-0x00007FF9173D9000-memory.dmp	upx
behavioral1/memory/3688-1394-0x00007FF913FB0000-0x00007FF914123000-memory.dmp	upx
behavioral1/memory/3688-1392-0x00007FF916D10000-0x00007FF916D33000-memory.dmp	upx
behavioral1/memory/3688-1391-0x00007FF9173E0000-0x00007FF9173FB000-memory.dmp	upx

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\debug.log	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1568	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133780368726123731"	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	pysilon.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{C6E6A971-C2F0-4009-921F-F92F44A11CA5}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
692	vlc.exe
4608	vlc.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
3688	source_prepared.exe
1480	powershell.exe
1480	powershell.exe
1468	pysilon.exe
1468	pysilon.exe
1468	pysilon.exe
1468	pysilon.exe
1996	powershell.exe
1996	powershell.exe
1188	powershell.exe
1188	powershell.exe
1228	chrome.exe
1228	chrome.exe
4900	msedge.exe
4900	msedge.exe
544	msedge.exe
544	msedge.exe
3188	identity_helper.exe
3188	identity_helper.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1868	chrome.exe
1568	msedge.exe
1568	msedge.exe
5992	msedge.exe
6060	msedge.exe
6060	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1468	pysilon.exe
1468	pysilon.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1468	pysilon.exe
692	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3688	source_prepared.exe
Token: SeDebugPrivilege	1480	powershell.exe
Token: SeDebugPrivilege	1568	taskkill.exe
Token: SeDebugPrivilege	1468	pysilon.exe
Token: SeDebugPrivilege	1996	powershell.exe
Token: SeDebugPrivilege	1188	powershell.exe
Token: SeIncreaseQuotaPrivilege	1188	powershell.exe
Token: SeSecurityPrivilege	1188	powershell.exe
Token: SeTakeOwnershipPrivilege	1188	powershell.exe
Token: SeLoadDriverPrivilege	1188	powershell.exe
Token: SeSystemProfilePrivilege	1188	powershell.exe
Token: SeSystemtimePrivilege	1188	powershell.exe
Token: SeProfSingleProcessPrivilege	1188	powershell.exe
Token: SeIncBasePriorityPrivilege	1188	powershell.exe
Token: SeCreatePagefilePrivilege	1188	powershell.exe
Token: SeBackupPrivilege	1188	powershell.exe
Token: SeRestorePrivilege	1188	powershell.exe
Token: SeShutdownPrivilege	1188	powershell.exe
Token: SeDebugPrivilege	1188	powershell.exe
Token: SeSystemEnvironmentPrivilege	1188	powershell.exe
Token: SeRemoteShutdownPrivilege	1188	powershell.exe
Token: SeUndockPrivilege	1188	powershell.exe
Token: SeManageVolumePrivilege	1188	powershell.exe
Token: 33	1188	powershell.exe
Token: 34	1188	powershell.exe
Token: 35	1188	powershell.exe
Token: 36	1188	powershell.exe
Token: 33	3076	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3076	AUDIODG.EXE
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
1228	chrome.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1468	pysilon.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
4608	vlc.exe
1464	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 3688	968	source_prepared.exe	77
PID 968 wrote to memory of 3688	968	source_prepared.exe	77
PID 3688 wrote to memory of 808	3688	source_prepared.exe	78
PID 3688 wrote to memory of 808	3688	source_prepared.exe	78
PID 3688 wrote to memory of 1480	3688	source_prepared.exe	81
PID 3688 wrote to memory of 1480	3688	source_prepared.exe	81
PID 3688 wrote to memory of 2544	3688	source_prepared.exe	83
PID 3688 wrote to memory of 2544	3688	source_prepared.exe	83
PID 2544 wrote to memory of 128	2544	cmd.exe	85
PID 2544 wrote to memory of 128	2544	cmd.exe	85
PID 2544 wrote to memory of 3296	2544	cmd.exe	86
PID 2544 wrote to memory of 3296	2544	cmd.exe	86
PID 2544 wrote to memory of 1568	2544	cmd.exe	87
PID 2544 wrote to memory of 1568	2544	cmd.exe	87
PID 3296 wrote to memory of 1468	3296	pysilon.exe	89
PID 3296 wrote to memory of 1468	3296	pysilon.exe	89
PID 1468 wrote to memory of 1920	1468	pysilon.exe	90
PID 1468 wrote to memory of 1920	1468	pysilon.exe	90
PID 1468 wrote to memory of 1996	1468	pysilon.exe	92
PID 1468 wrote to memory of 1996	1468	pysilon.exe	92
PID 1468 wrote to memory of 1188	1468	pysilon.exe	94
PID 1468 wrote to memory of 1188	1468	pysilon.exe	94
PID 1468 wrote to memory of 4380	1468	pysilon.exe	96
PID 1468 wrote to memory of 4380	1468	pysilon.exe	96
PID 1468 wrote to memory of 1788	1468	pysilon.exe	98
PID 1468 wrote to memory of 1788	1468	pysilon.exe	98
PID 1468 wrote to memory of 2108	1468	pysilon.exe	100
PID 1468 wrote to memory of 2108	1468	pysilon.exe	100
PID 1468 wrote to memory of 3548	1468	pysilon.exe	102
PID 1468 wrote to memory of 3548	1468	pysilon.exe	102
PID 1468 wrote to memory of 3676	1468	pysilon.exe	104
PID 1468 wrote to memory of 3676	1468	pysilon.exe	104
PID 1228 wrote to memory of 5100	1228	chrome.exe	109
PID 1228 wrote to memory of 5100	1228	chrome.exe	109
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110
PID 1228 wrote to memory of 2928	1228	chrome.exe	110

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
128	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
1⤵
PID:56608

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:808
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\pysilon\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\pysilon\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:128
  - - C:\Users\Admin\pysilon\pysilon.exe
      "pysilon.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3296
    - - C:\Users\Admin\pysilon\pysilon.exe
        
        "pysilon.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1468
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:1920
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\pysilon\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1996
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version
        6⤵
        Executes dropped EXE
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -encoders
        6⤵
        Executes dropped EXE
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -f lavfi -i nullsrc=s=256x256:d=8 -vcodec libx264 -f null -
        6⤵
        Executes dropped EXE
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\pysilon\recording.mp4
        6⤵
        Executes dropped EXE
        
        PID:3548
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\recording.mp4"
        6⤵
        
        PID:3676
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.21.wav"
        6⤵
        
        PID:4012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.23.wav"
        6⤵
        
        PID:3604
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\cookies.txt"
        6⤵
        
        PID:5952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.25.wav"
        6⤵
        
        PID:4812
      - C:\Program Files\VideoLAN\VLC\vlc.exe
        
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"
        6⤵
        Suspicious behavior: AddClipboardFormatListener
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI32962\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\pysilon\recording.mp4
        6⤵
        Executes dropped EXE
        
        PID:5060
      - C:\Program Files\VideoLAN\VLC\vlc.exe
        
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"
        6⤵
        Suspicious behavior: AddClipboardFormatListener
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:4608
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\recording.mp4"
        6⤵
        
        PID:3012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.27.wav"
        6⤵
        
        PID:1156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.29.wav"
        6⤵
        
        PID:5788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.31.wav"
        6⤵
        
        PID:3536
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.33.wav"
        6⤵
        
        PID:4960
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=old --screenshot=C:\Users\Admin\pysilon\image.png --window-size=500,300 --default-background-color=00000000 --hide-scrollbars C:\Users\Admin\AppData\Local\Temp\html2image\image.html
        6⤵
        Drops file in Program Files directory
        
        PID:2924
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fd34cc40,0x7ff8fd34cc4c,0x7ff8fd34cc58
        7⤵
        
        PID:1692
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=old --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1412,i,15852777190639007563,8458542109299018469,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1400 /prefetch:2
        7⤵
        
        PID:860
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1888,i,15852777190639007563,8458542109299018469,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:3
        7⤵
        
        PID:2124
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=1948,i,15852777190639007563,8458542109299018469,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1944 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:2108
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2464,i,15852777190639007563,8458542109299018469,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:1500
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\image.png"
        6⤵
        
        PID:5260
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\ss.png"
        6⤵
        
        PID:3684
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del rec_\07.12.2024_09.35.wav"
        6⤵
        
        PID:5716
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=old --screenshot=C:\Users\Admin\pysilon\image.png --window-size=500,300 --default-background-color=00000000 --hide-scrollbars C:\Users\Admin\AppData\Local\Temp\html2image\image.html
        6⤵
        Drops file in Program Files directory
        
        PID:440
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fd34cc40,0x7ff8fd34cc4c,0x7ff8fd34cc58
        7⤵
        
        PID:4908
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=old --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1416,i,6122758003743671208,8968753719727162379,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1404 /prefetch:2
        7⤵
        
        PID:3316
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1708,i,6122758003743671208,8968753719727162379,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1704 /prefetch:3
        7⤵
        
        PID:464
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=1740,i,6122758003743671208,8968753719727162379,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:3408
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2412,i,6122758003743671208,8968753719727162379,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:5652
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\image.png"
        6⤵
        
        PID:1260
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=old --screenshot=C:\Users\Admin\pysilon\image.png --window-size=500,300 --default-background-color=00000000 --hide-scrollbars C:\Users\Admin\AppData\Local\Temp\html2image\image.html
        6⤵
        Drops file in Program Files directory
        
        PID:5284
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8fd34cc40,0x7ff8fd34cc4c,0x7ff8fd34cc58
        7⤵
        
        PID:3812
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=old --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1424,i,11982957407982027918,2414340470340238799,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1416 /prefetch:2
        7⤵
        
        PID:5468
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1752,i,11982957407982027918,2414340470340238799,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:3
        7⤵
        
        PID:1988
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=1820,i,11982957407982027918,2414340470340238799,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:908
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=1768,i,11982957407982027918,2414340470340238799,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:2376
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\image.png"
        6⤵
        
        PID:972
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=old --screenshot=C:\Users\Admin\pysilon\image.png --window-size=500,300 --default-background-color=00000000 --hide-scrollbars C:\Users\Admin\AppData\Local\Temp\html2image\image.html
        6⤵
        Drops file in Program Files directory
        
        PID:5772
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fd34cc40,0x7ff8fd34cc4c,0x7ff8fd34cc58
        7⤵
        
        PID:6012
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=old --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1452,i,1261644657554764466,7016744875259495973,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1436 /prefetch:2
        7⤵
        
        PID:1156
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1888,i,1261644657554764466,7016744875259495973,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1884 /prefetch:3
        7⤵
        
        PID:1868
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=1944,i,1261644657554764466,7016744875259495973,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1936 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:3536
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --allow-pre-commit-input --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2460,i,1261644657554764466,7016744875259495973,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:1
        7⤵
        Drops file in Program Files directory
        
        PID:5160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\pysilon\image.png"
        6⤵
        
        PID:4492
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\wabbit.bat
        6⤵
        
        PID:1248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        7⤵
        
        PID:2932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        8⤵
        
        PID:988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:2836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:4260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:6124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:1264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12308
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:2980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:16264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:16280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:1460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:4108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:1300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:2624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:11080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:10540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:12640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:12712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:10548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:10756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:10764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:3320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:2840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:3684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:13256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:14004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:5020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:8184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:1884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        8⤵
        
        PID:4608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:2148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:3292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:7580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:7592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:3592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:6344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:7848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13572
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:7856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:15428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:6352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:7832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:7840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:15412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:1888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:2388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:3616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:4720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:12868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:13540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:1620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:14116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:14236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:15492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:5552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:4876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:15860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10660
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:3384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:13180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:13964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        7⤵
        
        PID:6076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        8⤵
        
        PID:5184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:3380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:1532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:2960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:2120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:5564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:3564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7120
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:10556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:10568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:14316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:14324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:10996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:5600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:3188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:3088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7144
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:5528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:1204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:3300
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7272
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:8948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:10460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:10468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:12476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:13140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:4616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:8968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:8956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:13716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:14992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:15008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        Process spawned unexpected child process
        
        PID:7184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        Process spawned unexpected child process
        
        PID:7200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:4964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:1232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:4376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:3928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:5656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:3800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:5224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:2544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:1840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:3372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:3448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:6080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:16076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:16084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:16220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:16232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:15508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:15420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:3976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5112
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:2876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7968
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:7992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:12600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:12672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:14616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        19⤵
        
        PID:15672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9816
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:9824
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7792
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9676
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:1640
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:3044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4136
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7944
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4960
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13040
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:4416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:6520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:2360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:1044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:3608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:16044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:16052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:880
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8976
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:15892
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:3512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:8992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:12788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14012
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:5496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7408
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14812
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13724
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:1508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:4432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:2908
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:12844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        8⤵
        
        PID:6100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:5044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10776
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:10912
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9252
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:15980
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:15988
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:9336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:2916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:4784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:14084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:14204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:10624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:10652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:1412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:7192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16004
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:7208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:10336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:2508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:7232
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:7240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:5304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        18⤵
        
        PID:14932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:14244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6208
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        9⤵
        
        PID:3964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:5924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:3680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3020
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:13204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7612
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:6248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:4472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:8548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14956
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:8752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7624
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7632
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6264
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:14340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:16124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:3304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:13032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        17⤵
        
        PID:14044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10124
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:9604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:7752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13996
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12772
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13452
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:7704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        10⤵
        
        PID:804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:3192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:4256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4756
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:10196
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:8556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:15876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:8220
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9900
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:8236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:5132
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:13532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:9504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:12688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:1712
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:8176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9936
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:8200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        11⤵
        
        PID:1324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:3240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:32
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16176
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:4392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15680
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:15732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:16184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        12⤵
        
        PID:1428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10140
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:10156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:13700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        13⤵
        
        PID:5036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:14440
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        14⤵
        
        PID:6616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        16⤵
        
        PID:12836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
        15⤵
        
        PID:9520
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "source_prepared.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ff8fe3bcc40,0x7ff8fe3bcc4c,0x7ff8fe3bcc58
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1984,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3764,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4976,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4996,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4932,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4844,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4416,i,11414704939998495688,5374851563371134171,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff920083cb8,0x7ff920083cc8,0x7ff920083cd8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1402960735315556814,18157952747300897050,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:360

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cd2186223a351f0eed193ecbdbf06a3e

SHA1
ac7f039c52fc88b5a61433bfd6af28e67a3b5e65

SHA256
5d05a31bdf1f7b210669c9e61693442eecf6b73284760ea7be9cd9cf177d7ae9

SHA512
1f78c0f8d1270c61133aea75a51194fdf472243e2ce42d227ad5fb41e0cd94d039dd0f612bf2ca34332d260d3cc336951596adb029874fb54ebb296e798c1014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9d2bd23043ce4c24ab9b7fab2f178526

SHA1
9814639cdd273ab3dc671021d186d68beb0a964f

SHA256
c661b8068c9e4ee476a9376f4b5cfb7d33a1eb3e0fbd56cf798a4a59f38e4f69

SHA512
5fb8c897a5e74f6242544cb4f46b09e021ef4fd6a0bc0a23fd36a727ff10f1950e9bee6401e11ad6e7e3087fbee7d092af4dbeec7831c0ac569a7a44c485a374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9159bff4a07251a216933a1c6cee6b93

SHA1
c8be805593df464f400c2b2c74e8f6cded62c1bb

SHA256
abf7622ed0f96687f8172f62be058203e1c3e2c3139ab46003f92815b25caf79

SHA512
daba4b131c7cc694600d3e16b926c5f4051e34c18efc80a05e5e4b0f98983b95abce899e09ed40b31c1cf23e4d4145e20e044c02b1748522b9e41dd84953d6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
10a5853e51a936b01f7a9a4973da3917

SHA1
f62c048090c98ca7e078d43178b6dbb38ed35ab3

SHA256
f392baec32641cc161f3cc6284fbe3bb539f98c46bd133a314b7b226bbc0ceca

SHA512
2cd69c4f1d28a6e73ecc673a136666d8f1595361b77ac61f178f9267967ee55ab1b75a427d70b7afee10cc2bbaf50025e3cc133009f76fe1be2cb5f94bb58813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5758cc1096a1d91b94dd1e4a225db0e9

SHA1
656a36d3a8d65a6d99f3d248d48ea53a3d0c9d20

SHA256
e08bb8dfa642bb1d21ed6a97ae56be6a5d09380c0c90938e6c497b5277257084

SHA512
5556f6e107154123c32193cf687d6fb9a8d85928ea180cffc75497496df07cc48593b57ac571cebaa3188f24288bd1fd6c94415f21ae630bf20e027e8d308684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
021d2550a0be47c698aa36b50603141f

SHA1
d0ffeebf800f565fae793b606a64cb7682aace24

SHA256
750e548945dc053fe8993f7d32142a21e7b7cce173a84e60c2c34e341fa36ab4

SHA512
98380ce6f6e0f322828ca46264e28943dad44a12010a26f3c99732169204d3ef7d0533635dec6154c1fa799cb36456df251e11f34304d56c4153897fd9a60786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
90a51942fd6575a25d36d3867f1c884a

SHA1
ebb54052fffa4e1c438aab9d2498cc1795fe4329

SHA256
103d512cae39064c330df915f5918106c68c615a804d08ba7fd6b62072e1ea1f

SHA512
e17f01a694726d12202dfe5e9c5c2d40bd3b9a5243a6314b931063573ed7670acc573dfb3e8218e0a84d06a802b67f46e565e366838c7bd55cbf7fea2c263e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5c86139eedf5c3c8789d77ca11627c97

SHA1
e5fad07e6b0aa8d5effa18158ac15ee3a216e2e3

SHA256
7963176232419f7979e122d06d49cc6715f74603eada19c3690842521491b75b

SHA512
fbfb2be5b78368f7c7de52208f16add1686a2b0c4f4a3b13ab7584666503a99e81fc169dc2b5127dfcdf614714d9f06976319a42613a0d468b173e474a530fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
35e09eafa4cc25fce34208f737b79422

SHA1
9c1558e4135727c1c70a8a9081835d12a0cdccc8

SHA256
b3c759bce20cf08bdeddfa8f03a8be64d41b32f199833e120eea612760639fe0

SHA512
7ba0a412dbada39f134e364761e4a07cc4df54f44fd82225974d78cae6205a7b1e94a7995c11e3ad527270d656a7f34a04d277ecbb9ec4f03f8636153d339e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a7b67e3779cd5e74b2ddb0776bbe6ba

SHA1
15278d2fca9d75fdca63ef60d1e3cbad474c1cb0

SHA256
3937bd1e799aaa0d989e29bb00b4736f7cd4226cdcc0c5fcddf9b4dde73bb8c2

SHA512
349f2c19f276095b7b447ae736788d81a7a8a9922252fd659d53629c5c243278727177eb5bdeeb11e7d3fb7cea59651169c288551c4240d4ba7c567e962508a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a23dc4b820e0de723dedefb7da88236c

SHA1
7be3fec580986a3d25ff994c7f7991cafc71ad62

SHA256
0b78b4997d2b137228807b564e108d9123dee1b1a3665a2983ebb602259f959f

SHA512
50fab0ed15929b27eb16750f1e3f538bd43fbd2ab39de6799b45b61ebf95e39debea49a2c559b1ea00818a64d836ddebb4df9cfaae572c0d26fe48d4622b7745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03d5562c8371c4d7c4e3c50aab4c84c7

SHA1
747cac60b216c6f92f48a8f4a836ad6da193dfac

SHA256
40777f588484fca9d07471f3e7822a297be4572c918a2372bede8f2976ee5531

SHA512
4a8972951b69ee1f981fc06d8a8042a50d2aa0eaba3676ca843b498e349fe3acdb0851143cd1071501846996c5194c16f17c6325c9fafbe095c70989f7fac372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0f3e856f947d9d100fa2e7692efa546

SHA1
9008752166bdc9118a22da99c37dcbe859f31095

SHA256
f4f11144fc443c19dcb6f3b188945a7bb1c3abad1a1009c3a1c2e0d72fc65285

SHA512
06250b574e214cc77ba9df2c7e383bb4243cf89a035722682b8b66de735889ae1b32a9318a65df7d0ed8373b02f203efe44cb8f44a016573bd7c0a2704da27ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d5980a98836ed5ee2c8f614f24cc334

SHA1
e4042f3a05f30a5bd3627c7925c6adb843f3c844

SHA256
d3f1f5cf50a175f5b9fa6a8b8083a4c7aadb5f9eb1ebb4accac4cdbae4f95ce7

SHA512
7f227659d00faf07d52ae50cc7aab7182803771dd0a035dcfad2484d9e69f2d7cee4b5deac7c6437f954349407a4e89bd6b696481cd18511929c6f0972ed4edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cdad33b3e0885adec52808a957602b43

SHA1
ef1e5a7bd3b371dfa427cdff81852d435381fb19

SHA256
44033bd1e5c19bfdd8a7686bc06e2e151b25496af61749109b98a0b8186751fc

SHA512
9b2740b4c28af4903636b87bad952c322e9080b2f6a1218c06f46e0b02da2e17055c03b6fa1ba0b45da364f8eb2a6081323e3b78f110ddee22e7af91310df1eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
881a16b14e70d9b4310bbe82d3d3a34c

SHA1
37f2dd0cc54835cc3224446465bb20f1ec0c0905

SHA256
a1bf03146cdb3390b9cf905c3fadf6f8782378184ecc882a3961af6019dd37cf

SHA512
7f5f38713ad704d1af888560e3a54fc11087ee359c62a7d7492d38d028c235dc6e009cdc3965a87a8f79e09877ab3a75f084e67e81f412ff7e28063f4342cfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebf97307d2e0d79e45ec2c4f03db9f8c

SHA1
8a4bf04bed4b7214f22681ce1d1972239d06165c

SHA256
280864b497c6be6031c9c40bf7f179b98d237865e103225f1b7ea07faf7aabfa

SHA512
47af2e9226508ff1c073ec07ab698563d38e8da38105585d59b3ae0bcbcd095a6a5d5812df9d540398f00a0137073371e2e5f2547e2c70d6a5dca07e963a6b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1e74e46a65809d325dc998f68bc76cc

SHA1
1bce01fbe93b0d376f04b56a5b8fa62efbe67275

SHA256
671a05103bb496deeab9341a89d4a383fdd4021422d7fe82a0929f5449fdf411

SHA512
9d5c45a4d368447f08ab6b376e084fae62127039756e58dac65b52eadd94f41bb8660ce0724c14dc9e31c2de810f87b1b084bfc191a001507e533c5087789155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ed50e5c547f39ae2e5dd5a1ca894e67

SHA1
2c5fc2e96ed21295e66f19f1caa2ec4a071a94ae

SHA256
0d1e601441efda7a13dd65d4ed258f714df64ce0d88ac9b0eaca54b6a2b171e5

SHA512
7ee76837c338725c95936f98fe2504a666123d319e28b2a157cd96e0607a0de98073c5e2933065a294d5d22fe41d1f297f8110b2ade340c1cc099e503994f6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a183ed923d9be703a2d47b6b77e2fe76

SHA1
d7405a2116dffa64c16fd3bb7e5462bc9934d426

SHA256
ce68bff7161b2db7717594be3c52f526993883a05abe95f728eb49bf5373c4ab

SHA512
69facfec2d75de78f142bbc1e09385cd82c62755917d803267d54836f2151e11e16e9df855f714949d8bae7a373a3f5431d223914bf9475ef60d8cc39dfaa73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed02ac85bf3d24c8b9ab6673323616e2

SHA1
f1b67075982429cf5938f85960413e15dfebcb4e

SHA256
ffe0e960d92a92102aea17fb573c1a8ed9b79531d895e3aa733072a59f65cd15

SHA512
19459bc269f9ea082bef8acf173b143aba40dda4c4c699fbb25178ca5d98072131bcb0dfccb48bd352ca6f09cffb019e5a84ad42b028f31d8f393758535fdabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aaaa3f77edd0e88ba76ded088c87bde6

SHA1
d7ca593b1e6584d9d505770d53a60a8105254b9d

SHA256
e8b53b5bf2e667b926d9f67a9e14dc17b68a55a6a411a253c504aabd1bfdf7b1

SHA512
44b0e6629e3c3feddde1e1897ada198f953f3fae989cf7fde0fe099134e422f5675f13458377ba1ffa997f8e2845fad891769a3f525473fe83355159b0c034f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a2edf160242ee60a2c4041ad0ad4c60

SHA1
084f279959199fe8ada7e0e601f88abd8856ab5b

SHA256
1faa71856d6307e99d83d508b62921d975a59f8770c37e19f42dc1fd607db96a

SHA512
7c498074c14c3bd3bd68070ae34090baec663aa4aad42ece2e3c2d4180c01ecc57421182f6c7c091ad68cad0af629a73cd9945b321bfa15a2ce0d50914faf34d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47073a51f280ec5c96fe7fd90f388ef1

SHA1
2d26570f5222c96cf0b357cddad564fa3f15b216

SHA256
086781add58ff3b78e24e3e81f725f99d4eb12376f19ad5dec1fdfcd350f0f6e

SHA512
d87722d3d82024e20f8fdbfa2f47dce34aa440fec84072090853f661c49b3776f6341d1913d1424f8682fa94a1d1e88ea4f15ddfb792bb2960f03e107b548bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af84b3b2dc45e7f3a2fb315e3af5b267

SHA1
10ad1663923caf799ea890a2940d1025d01a6e8d

SHA256
5b2c6256ddf55f84a02706510eb09cc6976ebc0dd1c71a2460db0b58725ba5de

SHA512
510d88db375f24b658f079f58e77862570cf0b6f44d2851b5aa4fefe681ce38074c29b59e9b07a986c0b6c6071ef2145e443160837b8edcac0b96e71048a21e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cbfde468a58b99f9f14d93ec4e6b769a

SHA1
167e08e5a2a924b405dd9a12a1ff00b5f7697ef9

SHA256
5489e8b11baa85ced2fbe82c8c601fcd7b783cde8fd6b7a10b71b21098535ca7

SHA512
33e6d782c3f2c7bd74a3c5d05ac70716f1344c08eb624be3eb8807c8a8aa4ee31294378a157a38e512a3d01eddf765c350038e344c04959d1f27c871d623bfe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
44b4ed173767bd24ae101e55738da5a4

SHA1
4530c004d556d16a05721ff05416870f34ea5ad2

SHA256
976a60683e06a4174ba9a44fb209a3451f86dee3f20472240e0b70fcac2874a4

SHA512
89089a31dbfd4f7d08e7fc0136ec5be0d0d13d499a1bb5aa5ec3210634ed73a3ae086fca1eee63a033b965b49a9f713b955d34cbcb4976b97dc816d7a5ba812e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
809d4d0bf25de51aee67c6a93a66fd0d

SHA1
732b7b9b3d328a2b88f3fab250bff8fa91873988

SHA256
60ccc43b9b4fec2132ead547e6a24b52447ae82035699f91b9ecae228de67329

SHA512
9a9a1f570851d4f1a5a288f395b1e4babf2db157d4d2ee1f46b68b1f459e6b33c46331a3d7dbd97e1fbab7d8ebb727cee952c672d110be2f2fd649697747d651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2425aafc6b8bba167cee2fc654f727d0

SHA1
cf99e8ba017fe9c59e699d73052e3c086043feef

SHA256
4e7c7b13f65dfb482f09997fe3c494761bad716f42b00ba0ca8d11b3d7bcd98d

SHA512
9efa5c35e30b70eed13368e26415c7b13a30e7cd845675913a6aada94660980537fdc4a7f06fecb7746910c383f1c7e13f7a412cc96e6c7f45fdccf367eae629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7e3a3e6f5efe6e193e33209176d772ed

SHA1
3d7fdf5fb893237e2bdd1452a15ca6371c80f7c2

SHA256
d737c0eab75923a36b3b33f278d756d80c628d8502bc05860449340e085a7ffd

SHA512
4c4a49ec8b7f069679eb599b744ff65ecff8d8147a4b66ef77457f3a2887eb25ffaa3834809b00d22234e5cc90df7fac153998e1fd7cf4e7a2b3f7ef61096ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
404d8eb636fa9dc1ba0b0d875038b2cd

SHA1
f6c732ac1e3a1d0c1af812081472e1223025be91

SHA256
e8b539c766c5b433b6b0c70f1f58e863c5056195128130423bbff5f22d23e67a

SHA512
df9d2a4d673d85174e412df10236003b98aa5ad27818c9fabf3a5a373ca92f12dc7f87a6103ee7ed2cbac40ab6c2600d4c8eb1b88feb26056e9af4fc50ab57cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
ef0deaeb8fe1ef7a41c9f6f9a32e7196

SHA1
3d03427df8e33ca18ebaaea069b7847a0b1a018c

SHA256
68e85401d730ef03c4566f6db677406108e41787d3a92652ff6f5d308a3a8a8a

SHA512
60fee4e3c048a44a8c172052096278b7ef20ea19be85e4071a552508114b3980c6819832d49e42908359c2bbe2c1fcd02e158780b95e04ae60095746d8b44884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9dc954f4323884220b6b8c731db264d3

SHA1
8caf18d12275f837d586651e28f706f06e7dc235

SHA256
412019aabc3c66f9e32dd0160c24141656a6c4ca1e4cc05e489e7c1e192ef0e9

SHA512
22a02ccf49612f42a53724176d363cdb41cd6db02a83e83a8f60b6ae2ef0c19d0af96db7077081c5a73051b98748b82f613339711f67efffab372ddd7957795b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0bf9a14d63f12281ad8dbcbe5a033828

SHA1
c2108b3798047f4cb790c7cb297b1a674b153391

SHA256
5edf923e6cab9578dddc028ac85fd30506af049169e4ebfcaf6b4579c12d49ed

SHA512
76b53b464eb7efb9ec9a0e7e154bdd1aebb8db5beb107af296f422ab2dd9e9ef927333e9901b11c6d3e549acf2f17797fb9cb0b4db75d98a547f376ad84e723c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c2f563a2ff10502626e354f7496fb05

SHA1
1be46e5b86db7d1cff3bb9bd3dd9fc8c514ebe23

SHA256
f081fea7fab84d3ca067b39c1b4aa09eacf5b60d7add72b413627d2992507e66

SHA512
53c203fd33de944e2dc57dcbbc85b48da1873ab3cfd68dacf1ced228c17d737da8a29a40e118c83d20d8ebf23506f7ba317445109cb1601762de698fe94c4a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
418674fa5bcdfb115fef6fd699d3a66c

SHA1
ea2003d9b844e6d39c985ddf9e6625399f3cad94

SHA256
ab33b55bc994569cd881f20f4b6c16c62d82b55022bd83412c6033ddd71295ae

SHA512
48aa7cbe0114848b6820bac7e709f22c5ae7db151030f93e1aa8951bc2e98545ece557337ffb7e6faf1ea11b2587e36d7b4e173c276bbda43a57d13f4b17ece9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7108eb240a14b610cf3599f0e0accc23

SHA1
e157eb2f60318b88bbe99895f67405a02f0e508e

SHA256
36d349bab519b2fa319180db28eb675c07eb33038bccbefa2aa6fec6fc21b91f

SHA512
91ff65d072fea822e31819d8a28d16ec2941b7130d1ed5e2270ed3eee71e7cb6c62f7edd475876a59841f00207cf82e3607860bb373c4ee45fe014244d9d8ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7d5c97500bbd03c122e4b75a3b7ea05

SHA1
9dd675837e31f9d17bff495b8d55572657b4a12e

SHA256
ad8d779ae89d3d83ded4f7d6def0c94fbcc0b82e14b59241a920646e038adf6c

SHA512
032f793ae9151f09e21b21f9bee83a24cc00d98bee5185402110e64bdb9d3a9f53ba58a75824488d6859a732f6ed42560aa6e2bca5149e5ee4cbb4dc3058437f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04536a8dcb0a238ab5c8ebaa47b4a64b

SHA1
8cf5c537a232adb28ac5783caaaad269e059a5a9

SHA256
069e690c37751720066c065245e55255ba4e1c107855fbd33b129400753d595d

SHA512
b4bc3ecd7f08e98d293efe3fa65c24f2b0f9e707c3d27a0a085ce41ccf6241d64df7e7e2deded58b1a092b12cf40dfdaab60cbde6561e1ab2f6c95d0adb32599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5feb40321d45d33a74e18045da92705

SHA1
3424a4f78c5dd56a3d85a15243b7a60b5c5a2750

SHA256
9beef50d6db607399651fd7604672af2bd0c1dd272eb7a827e6546f2b5a5a4fc

SHA512
0660fe455b688bca10dcac01bcee311541ca9d720601e23520a3d2a5d69aa2492d814b6feca72f130153bcd2522f08203e2084b2d23ce36bc7415f622148f988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37d8e9fa7b13914fe906fa54d7a17bac

SHA1
a6f67b663f37d8495e7c2867544ee26a9fe223e2

SHA256
c583a0135a9053bf2b8de72be31669b9222837044023403dda144463f22d3ac4

SHA512
a7bc00944a0aba161b443e7aa7b2f90dc0c74e7949ffacc886c8a4963c118290e5f44d78bdbc6817970cce4cb883776853fbd1ff1a51a5a2885ec503177ecb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f476de3145c9d5f04df867f6928172a5

SHA1
497151821d01fcd38250d95b8fe2852690bc5d65

SHA256
ee1106e1968be5cf926632a8708550935d1c81b0a06547585d4ad5b9a2ae23a8

SHA512
c96d8f64f8689bb34cd34c146b9a9f26e9aae60b4a9dba1bd2887dbbc08af639be35101cecca35af27ad49ec45492ae28a284e5e3022cd77e3681d732509a116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5b880ff64343477e6e9cb43875e73c6c

SHA1
58ddc3e156c992417e1d41d0537bf5564f64bf8b

SHA256
34ed3b7ba737f6ccca23a73d40c8f1d1b378d410bbf69f6495e14d2410a67739

SHA512
999bf65c8c26bbf589b4a24addffef7b005a7bf05293fcba12fd8a3c5f43799b187dc9d1a2aa3527e08027b9ac2e963832a53ed35588258a111cba18a1ec77bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b45f66ece0e0d7c2345d87eb8f461f5e

SHA1
8ab42ab44924a591a5f98450c6bef26feece2fbe

SHA256
0f1f24c0d0ba3fee5310a0220c898c9ffc61cb8f56bd11f6067aec4993df59f7

SHA512
68b07e1823f6e663fe979b9a3adc64233588fd03597ffa589328f492a9d75300334bbf592ca273509e69286c19c9da4c72effbfd91238387e020f716c10b9d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b154138d700110b35120217e86480b22

SHA1
41a7de052728b1780eb67de0198644b218f62ce2

SHA256
aaeb01d88f8edf8f25e023a76e95b08b77e15c208b8538510550fc0d29369727

SHA512
d4f314cae2035fff2b554e954ba4fe486feef55840032ba69b7b0df042e76298cc512f7dbc92cc0ace5bdb30035c9fa64c413544129de7422c3ad404c5f1e3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b5f9ccbd058dce652ff131979e240aeb

SHA1
b88a28cb4c6a3b9e043913926f746e9a332f4fba

SHA256
67c3ce1e9a6eac7326fe7636633d0ae1ca3c343a7a800a64cc90ae6e485589cd

SHA512
1a62cbf06ab553481d84b8cd91af326e4902a830254142c7d03d8fe62ec55a565b932a945835fe84c53805bca9b63092a3382791eb3b9047bbbd9dfb6fd01d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
81a3329dbbc66e79a6be8a0fd8270af2

SHA1
61e92d416e7227a12cafff2b250bf4ac586d2876

SHA256
a67f1e8ce4f88f1f97c78219760c4d8279b55cc8173b25e7bb0f9395de41ae29

SHA512
9523dd14f3e7ebadfa8dd4a64192986370408a22e744c7519ac98e4eccd7cca72b21676287077071a4b76530641505c5a6e918292298c60f6b0463ca7e16de62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3eff920de84d54db1b7819bdd7928428

SHA1
1e1750b58c18b1b535be09049946b67954c761e9

SHA256
fa5189be5efc914d6087b5027e27eed5528b7ef81674e7e000fd1ca3388f07fd

SHA512
5cbe546ea3acbdd9bfdc7c7742c35331cc1262bfbde7056f8111e43b01f6baa86d124477834238beb3e98ad08294599b77a1d2d82bdee85258ab7fda3324cdfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b2f1b.TMP

Filesize
2KB

MD5
68a68cbb4a9dcb7dd4772e72c630e05c

SHA1
e4d17ff4fd6694136419c411001d686e107b2954

SHA256
f0c3d0cccba591fe67edeae67a85cfb6f699a424daa08e1887b66f0164b07cd9

SHA512
96075a82819b976f6de6007ea1b3d1fc1b4a9055b1392cb8c49fe20f67f47db5b3fb2d6226a2fb6fb2ef768141cd465a237f07cc9a4b613c0efb073d4d3131fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1be35f6-ae89-4a8a-a4f1-b25764ee0e7d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1400332994a11a665f6c164cddf39bb

SHA1
35bc2f8d9800d03371894ec951ee21d4167ce952

SHA256
4bc3f0591747f8809daedc1b33ed8885efa8541b90ee26f7aa5ef3cb14788727

SHA512
091335d65e83289d97609b83eba3ea85d64b0b0fc13ab0f4009933f0f22259a341ace6c3c0ad81e42a557ed10db55baaac73388b0135af2ca9f171812a1b4c65

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed640164203d0d0a2a1e7919a6fdbdf

SHA1
9af74121e090cf2970beee82d22ef4ebb886c0ae

SHA256
4ca7fe712b4322fdb497733e015f4ae4496d3998772a6c37305da3cbba3eb7ae

SHA512
1bf6de193ae00189525ea9a685bbe3dc7722eceb6ccfb83c70adc766b6301b4978abf73b2f8f41b865f1521925308e4f96285dca569e9c2b2c61e79db1100e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32962\cryptography-44.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_asyncio.pyd

Filesize
34KB

MD5
e6307d02076151c6fc9b78b1f346068f

SHA1
336cb5b3fc88ff4d9cc021f858ff33b0eb96c881

SHA256
fdb2a227d646b420de9877bb569b96369b6175e322f6ef81bc3f372eed08c10b

SHA512
7a22e2c293a067502a0d1e4ccc9fcb81dd7bd7faf56a1fd4a6cebc56c5ce4e8bf6c7157e19fe779ed70722d559da61ab5ca1f9b1e1b3df8a2b83728fbac2564c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_bz2.pyd

Filesize
46KB

MD5
c33370fc6631725aec3102b955b5e4bf

SHA1
0fce43642e54cd9db1eb48bbfd7661b8a4613e0d

SHA256
6c41a618b4dec812f5cd434375f33052daada9f49c6d472e82bdec27c407cfc5

SHA512
1de939ccb2b6349eaefcf12f37fb00b2b5dafff07930d52bfededcdfe6a234c0da75030596f544adfea09c786dc576fc5a88056ec614d2059a1a9e182925a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_cffi_backend.cp311-win_amd64.pyd

Filesize
71KB

MD5
c4a0ceacd79d2c06956d24bf1c028a35

SHA1
1dfc5c777435a46a69c984411d4dfb717b47c537

SHA256
1ec4cd20853191e91e36556c6fe1a8bb14d162ee9904acc897cd8f694089f0e7

SHA512
da57381043a500a5bc826215d9c253e22139dd3e9e28a870b03d2d7d486aa8eb1a78a45ba45ee9c86b3a9bb264f20a9a776e5e3ab1e921ea6d0747275410746d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_ctypes.pyd

Filesize
57KB

MD5
e7ec734581f37a065e54b55515222897

SHA1
9205e3030ea43027cba202b4c968447927d3dc0d

SHA256
9e619adf436228c1c87e7909ca58575a02ef069d71045785b102e2a0f833b6a3

SHA512
281a16075a10ab4465ff1ab49c5639e982961b5029dc36f4b9657f32b9c29ff1bd39c2d6a3f793d7f93fd10802f5d1356bee9e54fa6eb67780a6275094e4fef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_decimal.pyd

Filesize
104KB

MD5
c21d61753b2a62fe70311aaa50e75a64

SHA1
39cc382ae3fbcb6b80974ece0e020cdcbec8f57a

SHA256
0ef0b881c15d88a443a1bfc898d0011dab50500ee4a86e0f35c3076ed70cce49

SHA512
059c7c7f35c939ab615b4dc1d3e9da69a66b0ed4a30931115971898c63f24ff960bb544f2ff9db7ce990c36a4d1e6307864d0f1ec5fbf354983473268c9500e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_elementtree.pyd

Filesize
56KB

MD5
dda8f0cc660c5e8170e37f37394f53ad

SHA1
6fea7006e44d0ee320499034e61f0cd99247abda

SHA256
58fc4868d87f7e05a387fb39646110307b993757b3e23e52d4489e7cea653dcc

SHA512
13cda3936c3b7eace74aed66282a13aa3d63e9da9b761a7fc8d6d0f215b61fc44ef4c4d60bbb0cb8d52689ed1ac05993965f5498da41ee95d6299d4f9a4bf4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_hashlib.pyd

Filesize
33KB

MD5
d27d3f54914b9b3b4dbf947a216b0e11

SHA1
36a4905e2ca457f241d6f2fc61d11c2a7986e802

SHA256
ed5433134675839cf0ac3d55006e87c3e8b74bb622168d83fa7e00c9dec1b844

SHA512
e3bf3df3c0202eb19830985ae5e9f6d4d03bedbc0b8371dcefa6d08bf2ce47dce211957c9c36bee8c57889d29084a08ff3d3fe2cd643e3420ca0c030585adef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_lzma.pyd

Filesize
84KB

MD5
49a6a6127ad0a70a2d60f193254ba710

SHA1
eb9f1f5a0b264d6c2c477562b9331a798b9a1909

SHA256
4ad51dac78f9192831ee9c6959ad3d67e0f66869bded3a91688b08c4ff2103f7

SHA512
e5064d0536361fd193b1855fcb4173cace51094d8c8827dfca893d49734200156847987124ded14d75aa0c61f1204cc00eaf4ee81d84406e17ad216bf17003ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_multiprocessing.pyd

Filesize
25KB

MD5
b5979368da73ffe9213dd49c0e5d6270

SHA1
5cf6ab2e801899cde24f3b356f8c1bff9d935528

SHA256
020602164b9891cb1c304d9f70dd8083c7e1a9a42caa9cfd67a5bbc0728029b9

SHA512
191823e56c4a3ea8bd211745111861d140899263ebed9b1988d2be37e1ba073195b55548266d6c536793edf49ef82b19064be96992b7bea9171424e789c83352

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_overlapped.pyd

Filesize
30KB

MD5
96d75944d280f39eb0f8e435511f3222

SHA1
0d74eefaf62c80c969bfe2f5e32fc269073527f3

SHA256
bfac2d1b1c5b948f6cd70de2e2edbe85f535ace879dbbaa04a71065ea11ef280

SHA512
724be702596604d173a542526b2049f268f611c204f03ef642ccf5e946441973704dca6e601bc5fd6dc3cc9a35b8cfd392571fe3228c59e277259097f53b2bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_queue.pyd

Filesize
24KB

MD5
3b901ff0137dc2460d2f90b0a43a9482

SHA1
bd89b85b8ca525b9370fc105b5009e45ab95131a

SHA256
9982fad71df27eaeaac9521e25a300dfe5810aa723fafd56667b09a9bef26594

SHA512
c1fa7d0b4af3421f288cb2773fa35bbe6efe86160de48787da998f155f6880df535f075bbec531a5c5a9c210c239d4e926d86b486bc68f41a7e1ef97ac095dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_socket.pyd

Filesize
41KB

MD5
38c567e91d5bd0ea66f57528319e6487

SHA1
98029c6c35886b9ab94c5bbaa4fbb54de9f45dc2

SHA256
502212dbed204b73f8b18b9b13c0ea158c9dd2cfffae2d7cafedf7b042264fbb

SHA512
d2f03faf7faaa1b82dd14130a85b203e86de96777209d47ec459c5a1efbbbd0ac6754d53ff9618744ad57c3b800b6fa6f8850c716dacce3828264eef265543b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_sqlite3.pyd

Filesize
54KB

MD5
0b71fb4c0dba8beca2b950b5d0df24e9

SHA1
af710f7604da0777b35fde62115214f029e0db26

SHA256
8ecf7eabe204218b672660e52b539040183cf346ca630ff3de552a22111ecb3d

SHA512
784ff22dd62b398378bba276b386280d7e0930bf5611a5ca7fcdf894c352be5aaeabec2f419092cfa17791f61b725f37b44bb6e861dba2e5322b87078952c660

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_ssl.pyd

Filesize
60KB

MD5
e77ee0cd7cab90dabbaea0f8abd7e1c8

SHA1
8b7f712eac536e9932c2bfde828624c34870e4d5

SHA256
c8359a4e0991f6604666004bac39b9c290195d64af47b263a85f663d89822b11

SHA512
4f0461b803d214e798be061829103fe20d12a14d88e365c186b3081b695138ae68b64083626431c9105d5609f36193fd8891f6e8968392b42709e6c198bd9c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_tkinter.pyd

Filesize
36KB

MD5
a7d7c6f515f5b49b1204d1376f7621cc

SHA1
42000eee9d23ac678103ad3067edfccd5043219f

SHA256
3b816042f0c47279b39a2d04347e115404fffbb01de35134fd7db279f55296bc

SHA512
f54a3d79ac6a1f0bf88562c7cd004055d29f6bc05beb408e856fc5305f59f061b7a17556e008a549dd12aa9399c99e7fe2321cd5ec7324ab7ce3151b0454e9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\_uuid.pyd

Filesize
21KB

MD5
4c8ffc5c3b8bb6e969e8c80a132a1cf7

SHA1
fef1d1a9b17571fb885aa7f224cc9473b0b9adfe

SHA256
b73fd8206c709f352dd26850d181a8ba8b14bad3b3494f61038f45044a3a2d85

SHA512
6eca26f968f124f0bac60dd2a184be56cee4f8e74e4fef20c5f3e920d50651f7772d49ed43d4024da6aed11b25be0018ccdb87506ac96e3346ce2d72c4cb223e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\base_library.zip

Filesize
1.4MB

MD5
2a138e2ee499d3ba2fc4afaef93b7caa

SHA1
508c733341845e94fce7c24b901fc683108df2a8

SHA256
130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c

SHA512
1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
9KB

MD5
ecfbd9b49ae51f8e3374e17aff3aec1e

SHA1
3e66e0f757d0f18afd546d158a96fd1707b35a5f

SHA256
1237b21174cd4aee97aa4d80ee953dd4ce91b2e1beb4788a55cb25a0213521aa

SHA512
9c9f682b55a589f1c10c99b89cc2620ce3d89d96c17096feb7e0ddfd6ac2f2b279885084b131080a57a6a324a9bce928e618348545c2b0af06c0ec4c267362c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
39KB

MD5
767c3533e89954a2cbdd386026d51cd6

SHA1
bb41cc8be2b8aa40d26a383ff6dde2b260ada1fb

SHA256
e4d22760e9bf26bf8d6b9f7083d9e5f788a6ba3ad62b78272c5f73af9cdecae7

SHA512
a11c416aeb11b604b70522a23af4eead5f568b161ac18dc99ecfd436475762e9b436fbb86a015a583dc05c93b1e68e1970ecdc58953cfbf98612b91c2d16a928

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libcrypto-1_1.dll

Filesize
1.1MB

MD5
8e7025186c1c6f3f61198c027ff38627

SHA1
79c6f11358c38bda0c12ee1e3ab90a21f4651fa1

SHA256
f393f54886674e42bb7667087c92af67bd46e542c44ddff11c5061481261c90e

SHA512
4bbbf7d0a51aec361779d7735c6a91f1bdd468da0aaa3626c3cb52128c998d6454be8c473c8743172ffcea9dc66403a5a81ff5535d9baf87fa6ab990a35add41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libffi-8.dll

Filesize
24KB

MD5
77199701fe2d585080e44c70ea5aed4c

SHA1
34c8b0ce03a945351e30fb704a00d5257e2a6132

SHA256
4eb41bcf5e54017c4d8c6a7184f4633d9e6c10ca8f52ad21e3b752edd745d4ee

SHA512
d325f517a3eb831f3f5853c5471295244716a666507aa4e4b262e0842f1bfad0c9648a6711fbce514193e411cfcdbb9afe86764e740355cd06895dfcc623fe34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libssl-1_1.dll

Filesize
203KB

MD5
0bfdc638fbe4135514de3aebf59fa410

SHA1
963addfdadf918339dfcab33e07bb6c48c86099e

SHA256
77affb7e88ab70fa04e382e29bf04a94ddf36c5cbd88b29ff33e15912d83ed01

SHA512
768abcc391eea4a3b34b0aade99932cd9befb922dcf9e720edf4c4719938214236e8668eca67026bd07567fbd10bbba98d63f47d63a81c7be1adce3bdd1973e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\pyexpat.pyd

Filesize
86KB

MD5
a655fa42e31e30cf60f452b70c01a1a4

SHA1
e38b435347a65d39dd2ff8518b75070e6038fb47

SHA256
83feb05e74d002110bf8d032c3ad2ffb636ae0ba4300e1ba84ce4add8f0554ec

SHA512
e54b38011ea94565ddf88120b8a3718b9cfcb79ca4b4900da1f9338b59795162534dbd2d5bfd67a81d9a29a6675ffdb2dc8772f583ee5bf2de547136334c8831

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\select.pyd

Filesize
24KB

MD5
5159aab3342e8e811454849c5543d0fe

SHA1
992b1aa55aa3a9ddc12857ec576c3d85ba5176d8

SHA256
2051c44e5704b8800145905058425b9fd829c1be6106ef632ef78fd574f513c1

SHA512
36437f1f4b6431c35074c13f9c791be5e041a8c4861878c254115398f5f3249afef1548a554eb7b06fc9de5271d6a98a0c026b951fa04ad312aa3f56b20774d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\sqlite3.dll

Filesize
608KB

MD5
aa2a7bd0e84498719405008b996a38ec

SHA1
0cb0962b02324067a715559c64fcbe3c1e798d03

SHA256
cacbebf5a19a14d3aaf59fd71a79ed38638c61f80994a292f16193d52d91832a

SHA512
d39f093eb5ad7ed489e10f6db405eaf0d0844a5e3eed1deff4202f1cf316293535e46d87d5aff1d210bacf53a65a08c397eacc919787da8133614951d77d85e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\tcl86t.dll

Filesize
673KB

MD5
755bec8838059147b46f8e297d05fba2

SHA1
9ff0665cddcf1eb7ff8de015b10cc9fcceb49753

SHA256
744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130

SHA512
e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\tk86t.dll

Filesize
620KB

MD5
7d85f7480f2d8389f562723090be1370

SHA1
edfa05dc669a8486977e983173ec61cc5097bbb0

SHA256
aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5

SHA512
a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\unicodedata.pyd

Filesize
293KB

MD5
5c05df2afd90a54d6378ff869d774b33

SHA1
38e2d685cd131ef1fff235ed180016c083bf2965

SHA256
0f631b1f12c8b0aded13ee5a50ff11eb2bcf9c47b535270a8a88fdfee4709ac6

SHA512
7d4712cdf0d27f66f33070ec4d1b4e6c51d3857edf01c4db94ce71eb8ed5b7780f5e3e05593e53d1dd51bc00d14dacdb234f02d391569b5e7ec136c00c10b145

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9682\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hayppwsn.g0e.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4

Filesize
950KB

MD5
5ac44ced534a47dc15b18990d8af0e49

SHA1
11add282a818408965d4455333a7d3d6e30923f1

SHA256
bea9d33028271f219a9c1786489dbfe8fa7191ba2fe2fbf8bd291130889a6448

SHA512
0ac4256e7dcc6697e7bb6d118a6cd6dbbfe2601a6487512d2c0ca3d73bc6ed4bc3f61d1c76e1c4316ec15c6bc3c5749fd8faf8636bc556a16844811586e21998

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1228_1471010219\9c98e94d-5c38-4684-b44b-1296ab3df1bd.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1228_1471010219\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp4608

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
605B

MD5
9678f99ef66e3e809276aa6abafc39d2

SHA1
ad193140643ebabc650725290a5b6b43cd4620ea

SHA256
d2e6c446a245040e3d24bc7da8e6eaab75a60a73096c8d213995b7357fd2c5eb

SHA512
22430a69d25abfa9c0ec2385b00a2554e1860a53cf03ae4827d99dbe41957e1af2fbe3aa981c586ddcfc3f02ef1279c28513be0f8a61303f214a4c96051bb986

Download Submit
C:\Users\Admin\pysilon\image.png

Filesize
2KB

MD5
0bafa682f201d7b68abf02bafedfcae5

SHA1
b532bc246b44717c5fee64023ae81d491b67728e

SHA256
ece010e792ca91f187ef6e8ef6d6252d8bd061bb9739b7a1af02fe2cd8263faf

SHA512
480a9190129f488a4d066e6944945bbc4353e42935dd175d143048a1f86d106d322d4510387384ed23aa019928efa9602bc62b590d411986c023f85ca8ca8445

Download Submit
C:\Users\Admin\pysilon\rec_\07.12.2024_09.25.wav

Filesize
7.3MB

MD5
b00580dbc88962975a4ed271d22cd391

SHA1
dcccc22ba97d7ce320ab98ea3f0245cf80a2b839

SHA256
ec32bc9ba1963e716ba7f23bc1170068c2e8a7e3c5bc83ea9fef95242e8cde89

SHA512
1d83e0d44b84f3bac7efc18c14d3e198daab1618caffc8ebc490962cce52fd586d09d9187ea49e3f0274cf61fd5c2176edf9c1d8ce203752bfe65bf32714c7c1

Download Submit
C:\Users\Admin\tmp\3Xa3PiLA5qR

Filesize
20KB

MD5
7e4f8edfd81c00b5d0f4e02c0604b537

SHA1
f4b3fa065755c54f5b03c5d7fa32fd2965a4cd9f

SHA256
b5753c01d76104dea57f63c7e2b930bc47779bd017fdc9636525b0bbae0eea59

SHA512
83484b6ec633ddce365b8ecb52202c2f02a233c4df06e2932f5d75eea9c834c3c96ada9afb138cb41519aea4df748ec88ca575777bfbf6a201463ca6032cb49d

Download Submit
memory/1468-3912-0x00007FF9173D0000-0x00007FF917488000-memory.dmp

Filesize
736KB

Download
memory/1468-3916-0x00007FF914010000-0x00007FF91412C000-memory.dmp

Filesize
1.1MB

Download
memory/1468-3914-0x00007FF91BA10000-0x00007FF91BA1B000-memory.dmp

Filesize
44KB

Download
memory/1468-3913-0x00007FF91D240000-0x00007FF91D24D000-memory.dmp

Filesize
52KB

Download
memory/1468-3917-0x00007FF918030000-0x00007FF918067000-memory.dmp

Filesize
220KB

Download
memory/1468-3918-0x00007FF91BA00000-0x00007FF91BA0B000-memory.dmp

Filesize
44KB

Download
memory/1468-3919-0x00007FF91AB80000-0x00007FF91AB8B000-memory.dmp

Filesize
44KB

Download
memory/1468-3911-0x00007FF91BA20000-0x00007FF91BA4E000-memory.dmp

Filesize
184KB

Download
memory/1468-3909-0x00007FF91BC90000-0x00007FF91BCA9000-memory.dmp

Filesize
100KB

Download
memory/1468-3910-0x00007FF920670000-0x00007FF92067D000-memory.dmp

Filesize
52KB

Download
memory/1468-3902-0x00007FF917890000-0x00007FF917E78000-memory.dmp

Filesize
5.9MB

Download
memory/1468-3908-0x00007FF917510000-0x00007FF917885000-memory.dmp

Filesize
3.5MB

Download
memory/1468-3907-0x00007FF91BCB0000-0x00007FF91BCC4000-memory.dmp

Filesize
80KB

Download
memory/1468-3906-0x00007FF91BCD0000-0x00007FF91BCFD000-memory.dmp

Filesize
180KB

Download
memory/1468-3905-0x00007FF920820000-0x00007FF920839000-memory.dmp

Filesize
100KB

Download
memory/1468-3904-0x00007FF921240000-0x00007FF92124F000-memory.dmp

Filesize
60KB

Download
memory/1468-3903-0x00007FF91BD00000-0x00007FF91BD24000-memory.dmp

Filesize
144KB

Download
memory/1468-3920-0x00007FF91AB70000-0x00007FF91AB7C000-memory.dmp

Filesize
48KB

Download
memory/1468-3939-0x00007FF917300000-0x00007FF91731B000-memory.dmp

Filesize
108KB

Download
memory/1468-3915-0x00007FF9180F0000-0x00007FF918117000-memory.dmp

Filesize
156KB

Download
memory/1468-3921-0x00007FF918020000-0x00007FF91802B000-memory.dmp

Filesize
44KB

Download
memory/1468-3922-0x00007FF918010000-0x00007FF91801C000-memory.dmp

Filesize
48KB

Download
memory/1468-3923-0x00007FF918000000-0x00007FF91800B000-memory.dmp

Filesize
44KB

Download
memory/1468-3924-0x00007FF917FF0000-0x00007FF917FFC000-memory.dmp

Filesize
48KB

Download
memory/1468-3925-0x00007FF917FB0000-0x00007FF917FBD000-memory.dmp

Filesize
52KB

Download
memory/1468-3926-0x00007FF917F80000-0x00007FF917F8E000-memory.dmp

Filesize
56KB

Download
memory/1468-3928-0x00007FF917F60000-0x00007FF917F6B000-memory.dmp

Filesize
44KB

Download
memory/1468-3927-0x00007FF917F70000-0x00007FF917F7C000-memory.dmp

Filesize
48KB

Download
memory/1468-3929-0x00007FF917F50000-0x00007FF917F5B000-memory.dmp

Filesize
44KB

Download
memory/1468-3930-0x00007FF917F40000-0x00007FF917F4C000-memory.dmp

Filesize
48KB

Download
memory/1468-3931-0x00007FF917F30000-0x00007FF917F3B000-memory.dmp

Filesize
44KB

Download
memory/1468-3932-0x00007FF917F20000-0x00007FF917F2D000-memory.dmp

Filesize
52KB

Download
memory/1468-3933-0x00007FF9173B0000-0x00007FF9173C2000-memory.dmp

Filesize
72KB

Download
memory/1468-3934-0x00007FF917500000-0x00007FF91750C000-memory.dmp

Filesize
48KB

Download
memory/1468-3936-0x00007FF917370000-0x00007FF917382000-memory.dmp

Filesize
72KB

Download
memory/1468-3935-0x00007FF917390000-0x00007FF9173A5000-memory.dmp

Filesize
84KB

Download
memory/1468-3937-0x00007FF917350000-0x00007FF917364000-memory.dmp

Filesize
80KB

Download
memory/1468-3938-0x00007FF917320000-0x00007FF917342000-memory.dmp

Filesize
136KB

Download
memory/3688-1398-0x00007FF9171E0000-0x00007FF9171EB000-memory.dmp

Filesize
44KB

Download
memory/3688-1414-0x00007FF913EE0000-0x00007FF913EEE000-memory.dmp

Filesize
56KB

Download
memory/3688-1485-0x00007FF920820000-0x00007FF920834000-memory.dmp

Filesize
80KB

Download
memory/3688-1484-0x00007FF91BD00000-0x00007FF91BD2D000-memory.dmp

Filesize
180KB

Download
memory/3688-1483-0x00007FF921240000-0x00007FF921259000-memory.dmp

Filesize
100KB

Download
memory/3688-1482-0x00007FF921260000-0x00007FF92126F000-memory.dmp

Filesize
60KB

Download
memory/3688-1481-0x00007FF921270000-0x00007FF921294000-memory.dmp

Filesize
144KB

Download
memory/3688-1399-0x00007FF917310000-0x00007FF917342000-memory.dmp

Filesize
200KB

Download
memory/3688-1487-0x00007FF91BCE0000-0x00007FF91BCF9000-memory.dmp

Filesize
100KB

Download
memory/3688-1488-0x00007FF920670000-0x00007FF92067D000-memory.dmp

Filesize
52KB

Download
memory/3688-1489-0x00007FF91BCB0000-0x00007FF91BCDE000-memory.dmp

Filesize
184KB

Download
memory/3688-1490-0x00007FF91ACA0000-0x00007FF91AD58000-memory.dmp

Filesize
736KB

Download
memory/3688-1491-0x00007FF91D240000-0x00007FF91D24D000-memory.dmp

Filesize
52KB

Download
memory/3688-1492-0x00007FF91BCA0000-0x00007FF91BCAB000-memory.dmp

Filesize
44KB

Download
memory/3688-1493-0x00007FF91BA20000-0x00007FF91BA47000-memory.dmp

Filesize
156KB

Download
memory/3688-1494-0x00007FF91AB80000-0x00007FF91AC9C000-memory.dmp

Filesize
1.1MB

Download
memory/3688-1495-0x00007FF918030000-0x00007FF918067000-memory.dmp

Filesize
220KB

Download
memory/3688-1496-0x00007FF917470000-0x00007FF917485000-memory.dmp

Filesize
84KB

Download
memory/3688-1497-0x00007FF917450000-0x00007FF917462000-memory.dmp

Filesize
72KB

Download
memory/3688-1498-0x00007FF917430000-0x00007FF917444000-memory.dmp

Filesize
80KB

Download
memory/3688-1499-0x00007FF917400000-0x00007FF917422000-memory.dmp

Filesize
136KB

Download
memory/3688-1500-0x00007FF9173E0000-0x00007FF9173FB000-memory.dmp

Filesize
108KB

Download
memory/3688-1501-0x00007FF9173C0000-0x00007FF9173D9000-memory.dmp

Filesize
100KB

Download
memory/3688-1502-0x00007FF917370000-0x00007FF9173BD000-memory.dmp

Filesize
308KB

Download
memory/3688-1503-0x00007FF917350000-0x00007FF917361000-memory.dmp

Filesize
68KB

Download
memory/3688-1504-0x00007FF917310000-0x00007FF917342000-memory.dmp

Filesize
200KB

Download
memory/3688-1505-0x00007FF916D10000-0x00007FF916D33000-memory.dmp

Filesize
140KB

Download
memory/3688-1480-0x00007FF917890000-0x00007FF917E78000-memory.dmp

Filesize
5.9MB

Download
memory/3688-1388-0x00007FF9172C0000-0x00007FF9172E9000-memory.dmp

Filesize
164KB

Download
memory/3688-1397-0x00007FF917350000-0x00007FF917361000-memory.dmp

Filesize
68KB

Download
memory/3688-1396-0x00007FF916CF0000-0x00007FF916D08000-memory.dmp

Filesize
96KB

Download
memory/3688-1395-0x00007FF917370000-0x00007FF9173BD000-memory.dmp

Filesize
308KB

Download
memory/3688-1390-0x00007FF916D40000-0x00007FF916D6E000-memory.dmp

Filesize
184KB

Download
memory/3688-1389-0x00007FF917400000-0x00007FF917422000-memory.dmp

Filesize
136KB

Download
memory/3688-1347-0x00007FF917510000-0x00007FF917885000-memory.dmp

Filesize
3.5MB

Download
memory/3688-1348-0x00007FF91BC90000-0x00007FF91BC9B000-memory.dmp

Filesize
44KB

Download
memory/3688-1349-0x00007FF91BA00000-0x00007FF91BA0C000-memory.dmp

Filesize
48KB

Download
memory/3688-1350-0x00007FF91AB70000-0x00007FF91AB7B000-memory.dmp

Filesize
44KB

Download
memory/3688-1351-0x00007FF918110000-0x00007FF91811C000-memory.dmp

Filesize
48KB

Download
memory/3688-1352-0x00007FF918100000-0x00007FF91810B000-memory.dmp

Filesize
44KB

Download
memory/3688-1353-0x00007FF91BA10000-0x00007FF91BA1B000-memory.dmp

Filesize
44KB

Download
memory/3688-1354-0x00007FF91BCE0000-0x00007FF91BCF9000-memory.dmp

Filesize
100KB

Download
memory/3688-1356-0x00007FF920670000-0x00007FF92067D000-memory.dmp

Filesize
52KB

Download
memory/3688-1357-0x00007FF918020000-0x00007FF91802D000-memory.dmp

Filesize
52KB

Download
memory/3688-1358-0x00007FF91BCB0000-0x00007FF91BCDE000-memory.dmp

Filesize
184KB

Download
memory/3688-1359-0x00007FF918010000-0x00007FF91801E000-memory.dmp

Filesize
56KB

Download
memory/3688-1400-0x00007FF913F50000-0x00007FF913F5B000-memory.dmp

Filesize
44KB

Download
memory/3688-1360-0x00007FF91ACA0000-0x00007FF91AD58000-memory.dmp

Filesize
736KB

Download
memory/3688-1361-0x00007FF918000000-0x00007FF91800C000-memory.dmp

Filesize
48KB

Download
memory/3688-1401-0x00007FF913F40000-0x00007FF913F4C000-memory.dmp

Filesize
48KB

Download
memory/3688-1402-0x00007FF917F20000-0x00007FF917F2A000-memory.dmp

Filesize
40KB

Download
memory/3688-1403-0x00007FF9172F0000-0x00007FF91730E000-memory.dmp

Filesize
120KB

Download
memory/3688-1404-0x00007FF913F30000-0x00007FF913F3B000-memory.dmp

Filesize
44KB

Download
memory/3688-1405-0x00007FF916D70000-0x00007FF916DCD000-memory.dmp

Filesize
372KB

Download
memory/3688-1406-0x00007FF913F20000-0x00007FF913F2C000-memory.dmp

Filesize
48KB

Download
memory/3688-1408-0x00007FF913F10000-0x00007FF913F1B000-memory.dmp

Filesize
44KB

Download
memory/3688-1409-0x00007FF913F00000-0x00007FF913F0C000-memory.dmp

Filesize
48KB

Download
memory/3688-1410-0x00007FF916D40000-0x00007FF916D6E000-memory.dmp

Filesize
184KB

Download
memory/3688-1411-0x00007FF913EF0000-0x00007FF913EFD000-memory.dmp

Filesize
52KB

Download
memory/3688-1412-0x00007FF916D10000-0x00007FF916D33000-memory.dmp

Filesize
140KB

Download
memory/3688-1413-0x00007FF913FB0000-0x00007FF914123000-memory.dmp

Filesize
1.4MB

Download
memory/3688-1486-0x00007FF917510000-0x00007FF917885000-memory.dmp

Filesize
3.5MB

Download
memory/3688-1415-0x00007FF913ED0000-0x00007FF913EDC000-memory.dmp

Filesize
48KB

Download
memory/3688-1416-0x00007FF916CF0000-0x00007FF916D08000-memory.dmp

Filesize
96KB

Download
memory/3688-1419-0x00007FF913EA0000-0x00007FF913EAC000-memory.dmp

Filesize
48KB

Download
memory/3688-1420-0x00007FF913E90000-0x00007FF913E9B000-memory.dmp

Filesize
44KB

Download
memory/3688-1421-0x00007FF913E80000-0x00007FF913E8D000-memory.dmp

Filesize
52KB

Download
memory/3688-1422-0x00007FF913E60000-0x00007FF913E72000-memory.dmp

Filesize
72KB

Download
memory/3688-1418-0x00007FF913EB0000-0x00007FF913EBB000-memory.dmp

Filesize
44KB

Download
memory/3688-1417-0x00007FF913EC0000-0x00007FF913ECB000-memory.dmp

Filesize
44KB

Download
memory/3688-1407-0x00007FF9172C0000-0x00007FF9172E9000-memory.dmp

Filesize
164KB

Download
memory/3688-1391-0x00007FF9173E0000-0x00007FF9173FB000-memory.dmp

Filesize
108KB

Download
memory/3688-1392-0x00007FF916D10000-0x00007FF916D33000-memory.dmp

Filesize
140KB

Download
memory/3688-1394-0x00007FF913FB0000-0x00007FF914123000-memory.dmp

Filesize
1.4MB

Download
memory/3688-1393-0x00007FF9173C0000-0x00007FF9173D9000-memory.dmp

Filesize
100KB

Download
memory/3688-1385-0x00007FF917450000-0x00007FF917462000-memory.dmp

Filesize
72KB

Download
memory/3688-1386-0x00007FF916D70000-0x00007FF916DCD000-memory.dmp

Filesize
372KB

Download
memory/3688-1383-0x00007FF917470000-0x00007FF917485000-memory.dmp

Filesize
84KB

Download
memory/3688-1384-0x00007FF9172F0000-0x00007FF91730E000-memory.dmp

Filesize
120KB

Download
memory/3688-1380-0x00007FF917350000-0x00007FF917361000-memory.dmp

Filesize
68KB

Download
memory/3688-1379-0x00007FF917370000-0x00007FF9173BD000-memory.dmp

Filesize
308KB

Download
memory/3688-1376-0x00007FF9173E0000-0x00007FF9173FB000-memory.dmp

Filesize
108KB

Download
memory/3688-1374-0x00007FF917430000-0x00007FF917444000-memory.dmp

Filesize
80KB

Download
memory/3688-1373-0x00007FF917450000-0x00007FF917462000-memory.dmp

Filesize
72KB

Download
memory/3688-1369-0x00007FF918030000-0x00007FF918067000-memory.dmp

Filesize
220KB

Download
memory/3688-1370-0x00007FF917F40000-0x00007FF917F52000-memory.dmp

Filesize
72KB

Download
memory/3688-1372-0x00007FF917470000-0x00007FF917485000-memory.dmp

Filesize
84KB

Download
memory/3688-1371-0x00007FF917F30000-0x00007FF917F3C000-memory.dmp

Filesize
48KB

Download
memory/3688-1367-0x00007FF91BA20000-0x00007FF91BA47000-memory.dmp

Filesize
156KB

Download
memory/3688-1362-0x00007FF917FF0000-0x00007FF917FFB000-memory.dmp

Filesize
44KB

Download
memory/3688-1355-0x00007FF9180F0000-0x00007FF9180FC000-memory.dmp

Filesize
48KB

Download
memory/3688-1363-0x00007FF917FB0000-0x00007FF917FBB000-memory.dmp

Filesize
44KB

Download
memory/3688-1364-0x00007FF917F80000-0x00007FF917F8C000-memory.dmp

Filesize
48KB

Download
memory/3688-1341-0x00007FF921260000-0x00007FF92126F000-memory.dmp

Filesize
60KB

Download
memory/3688-1345-0x00007FF920820000-0x00007FF920834000-memory.dmp

Filesize
80KB

Download
memory/3688-1346-0x00007FF918030000-0x00007FF918067000-memory.dmp

Filesize
220KB

Download
memory/3688-1344-0x00007FF91AB80000-0x00007FF91AC9C000-memory.dmp

Filesize
1.1MB

Download
memory/3688-1342-0x00007FF91BCA0000-0x00007FF91BCAB000-memory.dmp

Filesize
44KB

Download
memory/3688-1343-0x00007FF91BA20000-0x00007FF91BA47000-memory.dmp

Filesize
156KB

Download
memory/3688-1336-0x00007FF921270000-0x00007FF921294000-memory.dmp

Filesize
144KB

Download
memory/3688-1337-0x00007FF91D240000-0x00007FF91D24D000-memory.dmp

Filesize
52KB

Download
memory/3688-1334-0x00007FF91ACA0000-0x00007FF91AD58000-memory.dmp

Filesize
736KB

Download
memory/3688-1333-0x00007FF917890000-0x00007FF917E78000-memory.dmp

Filesize
5.9MB

Download
memory/3688-1331-0x00007FF91BCB0000-0x00007FF91BCDE000-memory.dmp

Filesize
184KB

Download
memory/3688-1365-0x00007FF917F70000-0x00007FF917F7B000-memory.dmp

Filesize
44KB

Download
memory/3688-1327-0x00007FF91BCE0000-0x00007FF91BCF9000-memory.dmp

Filesize
100KB

Download
memory/3688-1366-0x00007FF917F60000-0x00007FF917F6D000-memory.dmp

Filesize
52KB

Download
memory/3688-1329-0x00007FF920670000-0x00007FF92067D000-memory.dmp

Filesize
52KB

Download
memory/3688-1325-0x00007FF917510000-0x00007FF917885000-memory.dmp

Filesize
3.5MB

Download
memory/3688-1323-0x00007FF920820000-0x00007FF920834000-memory.dmp

Filesize
80KB

Download
memory/3688-1283-0x00007FF91BD00000-0x00007FF91BD2D000-memory.dmp

Filesize
180KB

Download
memory/3688-1281-0x00007FF921240000-0x00007FF921259000-memory.dmp

Filesize
100KB

Download
memory/3688-1275-0x00007FF921270000-0x00007FF921294000-memory.dmp

Filesize
144KB

Download
memory/3688-1368-0x00007FF91AB80000-0x00007FF91AC9C000-memory.dmp

Filesize
1.1MB

Download
memory/3688-1375-0x00007FF917400000-0x00007FF917422000-memory.dmp

Filesize
136KB

Download
memory/3688-1377-0x00007FF9173C0000-0x00007FF9173D9000-memory.dmp

Filesize
100KB

Download
memory/3688-1378-0x00007FF917F60000-0x00007FF917F6D000-memory.dmp

Filesize
52KB

Download
memory/3688-1381-0x00007FF917310000-0x00007FF917342000-memory.dmp

Filesize
200KB

Download
memory/3688-1277-0x00007FF921260000-0x00007FF92126F000-memory.dmp

Filesize
60KB

Download
memory/3688-1382-0x00007FF917F20000-0x00007FF917F2A000-memory.dmp

Filesize
40KB

Download
memory/3688-1267-0x00007FF917890000-0x00007FF917E78000-memory.dmp

Filesize
5.9MB

Download
memory/3688-1387-0x00007FF917430000-0x00007FF917444000-memory.dmp

Filesize
80KB

Download