4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

Resubmissions

24-02-2022 16:15

220224-tql4kadcf3 10

24-02-2022 03:08

220224-dmw7csbgg3 10

Analysis

max time kernel
4294180s
max time network
131s
platform
windows7_x64
resource
win7-20220223-en
submitted
24-02-2022 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43564aa0-94f8-11ec-9d1d-005056a01a83.exe
Size

3.1MB
MD5

d5d2c4ac6c724cd63b69ca054713e278
SHA1

f32d791ec9e6385a91b45942c230f52aff1626df
SHA256

4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
SHA512

9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\read_me.html

Ransom Note

<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> </head> <body> "The only thing that we learn from new elections is we learned nothing from the old!" <hr> <hr> Thank you for your vote! All your files, documents, photoes, videos, databases etc. have been successfully encrypted! Now your computer has a special ID: 012426d0-951f-11ec-ba62-4ea9000dfafc <hr> Do not try to decrypt then by yourself - it's impossible! It's just a business and we care only about getting benefits. The only way to get your files back is to contact us and get further instuctions. To prove that we have a decryptor send us any encrypted file (less than 650 kbytes) and we'll send you it back being decrypted. This is our guarantee. NOTE: Do not send file with sensitive content. In the email write us your computer's special ID (mentioned above). <hr> <hr> So if you want to get your files back contact us: 1) vote2024forjb@protonmail.com 2) stephanie.jones2024@protonmail.com - if we dont't answer you during 3 days <hr> Have a nice day! </body> </html>

Emails

vote2024forjb@protonmail.com

stephanie.jones2024@protonmail.com

Signatures

Executes dropped EXE 64 IoCs

Processes:

01371290-951f-11ec-ba64-4ea9000dfafc.exe012a6860-951f-11ec-ba62-4ea9000dfafc.exe0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe01314630-951f-11ec-ba64-4ea9000dfafc.execmd.exe013ba670-951f-11ec-ba67-4ea9000dfafc.exe012add90-951f-11ec-ba62-4ea9000dfafc.exe0130f810-951f-11ec-ba64-4ea9000dfafc.execmd.execmd.exe012e11e0-951f-11ec-ba63-4ea9000dfafc.exe013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe0142ab50-951f-11ec-ba76-4ea9000dfafc.exe013b5850-951f-11ec-ba67-4ea9000dfafc.exe012e11e0-951f-11ec-ba62-4ea9000dfafc.exe0142ab50-951f-11ec-ba77-4ea9000dfafc.exe014395b0-951f-11ec-ba87-4ea9000dfafc.exe0142ab50-951f-11ec-ba80-4ea9000dfafc.exe0147db70-951f-11ec-ba8f-4ea9000dfafc.exe015e2290-951f-11ec-bb6c-4ea9000dfafc.exe012a8f70-951f-11ec-ba62-4ea9000dfafc.exe014dcee0-951f-11ec-badf-4ea9000dfafc.exe015e49a0-951f-11ec-bb7e-4ea9000dfafc.exe014d80c0-951f-11ec-badb-4ea9000dfafc.exe014bac00-951f-11ec-babe-4ea9000dfafc.exe0153c250-951f-11ec-bb1d-4ea9000dfafc.exe0158cb60-951f-11ec-bb3e-4ea9000dfafc.exe012a4150-951f-11ec-ba62-4ea9000dfafc.exe0159b5c0-951f-11ec-bb4c-4ea9000dfafc.exe01568170-951f-11ec-bb35-4ea9000dfafc.exe014ff1c0-951f-11ec-bafd-4ea9000dfafc.exe015e49a0-951f-11ec-bb86-4ea9000dfafc.exe0149d740-951f-11ec-baa7-4ea9000dfafc.exe0149fe50-951f-11ec-baa8-4ea9000dfafc.exe0157e100-951f-11ec-bb36-4ea9000dfafc.exe014bd310-951f-11ec-babe-4ea9000dfafc.exe015d3830-951f-11ec-bb63-4ea9000dfafc.exe014bfa20-951f-11ec-babf-4ea9000dfafc.exe014b5de0-951f-11ec-bab6-4ea9000dfafc.exe015aa020-951f-11ec-bb51-4ea9000dfafc.exe0160baa0-951f-11ec-bb96-4ea9000dfafc.exe013edac0-951f-11ec-ba68-4ea9000dfafc.exe013d2d10-951f-11ec-ba67-4ea9000dfafc.exe0161f320-951f-11ec-bba1-4ea9000dfafc.exe0163c7e0-951f-11ec-bba2-4ea9000dfafc.exe0164b240-951f-11ec-bbac-4ea9000dfafc.exe015cc300-951f-11ec-bb61-4ea9000dfafc.exe013f4ff0-951f-11ec-ba69-4ea9000dfafc.exe013f7700-951f-11ec-ba6a-4ea9000dfafc.exe013f4ff0-951f-11ec-ba68-4ea9000dfafc.exe014124b0-951f-11ec-ba6d-4ea9000dfafc.exe0163a0d0-951f-11ec-bba2-4ea9000dfafc.exe01401340-951f-11ec-ba6a-4ea9000dfafc.exe014124b0-951f-11ec-ba6b-4ea9000dfafc.exe0140fda0-951f-11ec-ba6a-4ea9000dfafc.exe013f4ff0-951f-11ec-ba6a-4ea9000dfafc.exe014124b0-951f-11ec-ba6c-4ea9000dfafc.exe0142ab50-951f-11ec-ba71-4ea9000dfafc.exe0153c250-951f-11ec-bb1e-4ea9000dfafc.exe0142ab50-951f-11ec-ba6e-4ea9000dfafc.exe01425d30-951f-11ec-ba6d-4ea9000dfafc.exe0142ab50-951f-11ec-ba72-4ea9000dfafc.exe0142ab50-951f-11ec-ba73-4ea9000dfafc.exe0142ab50-951f-11ec-ba6f-4ea9000dfafc.exe

pid	process
2360	01371290-951f-11ec-ba64-4ea9000dfafc.exe
2440	012a6860-951f-11ec-ba62-4ea9000dfafc.exe
2464	0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
2528	01314630-951f-11ec-ba64-4ea9000dfafc.exe
2596	cmd.exe
2664	013ba670-951f-11ec-ba67-4ea9000dfafc.exe
2716	012add90-951f-11ec-ba62-4ea9000dfafc.exe
2748	0130f810-951f-11ec-ba64-4ea9000dfafc.exe
2836	cmd.exe
2860	cmd.exe
2916	012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
2936	013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
2976	0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
3024	013b5850-951f-11ec-ba67-4ea9000dfafc.exe
3060	012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
2172	0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
6508	014395b0-951f-11ec-ba87-4ea9000dfafc.exe
6532	0142ab50-951f-11ec-ba80-4ea9000dfafc.exe
6660	0147db70-951f-11ec-ba8f-4ea9000dfafc.exe
6716	015e2290-951f-11ec-bb6c-4ea9000dfafc.exe
6984	012a8f70-951f-11ec-ba62-4ea9000dfafc.exe
6976	014dcee0-951f-11ec-badf-4ea9000dfafc.exe
6992	015e49a0-951f-11ec-bb7e-4ea9000dfafc.exe
7000	014d80c0-951f-11ec-badb-4ea9000dfafc.exe
7024	014bac00-951f-11ec-babe-4ea9000dfafc.exe
7048	0153c250-951f-11ec-bb1d-4ea9000dfafc.exe
7096	0158cb60-951f-11ec-bb3e-4ea9000dfafc.exe
7116	012a4150-951f-11ec-ba62-4ea9000dfafc.exe
7124	0159b5c0-951f-11ec-bb4c-4ea9000dfafc.exe
7132	01568170-951f-11ec-bb35-4ea9000dfafc.exe
7164	014ff1c0-951f-11ec-bafd-4ea9000dfafc.exe
2012	015e49a0-951f-11ec-bb86-4ea9000dfafc.exe
2116	0149d740-951f-11ec-baa7-4ea9000dfafc.exe
2140	0149fe50-951f-11ec-baa8-4ea9000dfafc.exe
2120	0157e100-951f-11ec-bb36-4ea9000dfafc.exe
2104	014bd310-951f-11ec-babe-4ea9000dfafc.exe
2084	015d3830-951f-11ec-bb63-4ea9000dfafc.exe
2068	014bfa20-951f-11ec-babf-4ea9000dfafc.exe
268	014b5de0-951f-11ec-bab6-4ea9000dfafc.exe
2480	015aa020-951f-11ec-bb51-4ea9000dfafc.exe
2612	0160baa0-951f-11ec-bb96-4ea9000dfafc.exe
2856	013edac0-951f-11ec-ba68-4ea9000dfafc.exe
3044	013d2d10-951f-11ec-ba67-4ea9000dfafc.exe
1720	0161f320-951f-11ec-bba1-4ea9000dfafc.exe
2380	0163c7e0-951f-11ec-bba2-4ea9000dfafc.exe
2228	0164b240-951f-11ec-bbac-4ea9000dfafc.exe
2536	015cc300-951f-11ec-bb61-4ea9000dfafc.exe
2676	013f4ff0-951f-11ec-ba69-4ea9000dfafc.exe
2548	013f7700-951f-11ec-ba6a-4ea9000dfafc.exe
2668	013f4ff0-951f-11ec-ba68-4ea9000dfafc.exe
2376	014124b0-951f-11ec-ba6d-4ea9000dfafc.exe
1740	0163a0d0-951f-11ec-bba2-4ea9000dfafc.exe
3068	01401340-951f-11ec-ba6a-4ea9000dfafc.exe
1064	014124b0-951f-11ec-ba6b-4ea9000dfafc.exe
2192	0140fda0-951f-11ec-ba6a-4ea9000dfafc.exe
2336	013f4ff0-951f-11ec-ba6a-4ea9000dfafc.exe
2292	014124b0-951f-11ec-ba6c-4ea9000dfafc.exe
2284	0142ab50-951f-11ec-ba71-4ea9000dfafc.exe
2416	0153c250-951f-11ec-bb1e-4ea9000dfafc.exe
2332	0142ab50-951f-11ec-ba6e-4ea9000dfafc.exe
2576	01425d30-951f-11ec-ba6d-4ea9000dfafc.exe
2528	0142ab50-951f-11ec-ba72-4ea9000dfafc.exe
2484	0142ab50-951f-11ec-ba73-4ea9000dfafc.exe
2564	0142ab50-951f-11ec-ba6f-4ea9000dfafc.exe

Loads dropped DLL 64 IoCs

Processes:

43564aa0-94f8-11ec-9d1d-005056a01a83.exe

pid	process
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe
972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

2740 timeout.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

015d5f40-951f-11ec-bb65-4ea9000dfafc.exe

pid process

3360 015d5f40-951f-11ec-bb65-4ea9000dfafc.exe

pid	process
2740	timeout.exe

pid	process
3360	015d5f40-951f-11ec-bb65-4ea9000dfafc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

43564aa0-94f8-11ec-9d1d-005056a01a83.exe

description	pid	process	target process
PID 972 wrote to memory of 976	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 976	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 976	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1712	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1712	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1712	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1732	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1732	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1732	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 772	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 772	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 772	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 588	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 588	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 588	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 892	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 892	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 892	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 652	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 652	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 652	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1396	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1396	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1396	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1408	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1408	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1408	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 980	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 980	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 980	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1140	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1140	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1140	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 780	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 780	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 780	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 868	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 868	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 868	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 864	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 864	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 864	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1188	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1188	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1188	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1556	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1556	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1556	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1068	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1068	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1068	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1500	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1500	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1500	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1728	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1728	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1728	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1216	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1216	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1216	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 2008	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 2008	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 2008	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 972 wrote to memory of 1984	972	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
"C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\system32\cmd.exe
cmd /C copy C:\Users\Admin\AppData\Local\Temp\read_me.html C:\Users\Admin\Desktop\read_me.html
2⤵
PID:976

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:1712

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012a6860-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:1732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012add90-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:772

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:588

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:892

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
2⤵
PID:652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01314630-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:1408

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:980

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0130f810-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:1396

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01371290-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:1140

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013787c0-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:780

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013ba670-951f-11ec-ba67-4ea9000dfafc.exe
2⤵
PID:868

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013b5850-951f-11ec-ba67-4ea9000dfafc.exe
2⤵
PID:864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
2⤵
PID:1188

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
2⤵
PID:1556

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
2⤵
PID:1068

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba80-4ea9000dfafc.exe
2⤵
PID:1500

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014395b0-951f-11ec-ba87-4ea9000dfafc.exe
2⤵
PID:1728

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0147db70-951f-11ec-ba8f-4ea9000dfafc.exe
2⤵
PID:1216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149d740-951f-11ec-baa7-4ea9000dfafc.exe
2⤵
PID:2008

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149fe50-951f-11ec-baa8-4ea9000dfafc.exe
2⤵
PID:1984

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b5de0-951f-11ec-bab6-4ea9000dfafc.exe
2⤵
PID:2016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bac00-951f-11ec-babe-4ea9000dfafc.exe
2⤵
PID:1684

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bd310-951f-11ec-babe-4ea9000dfafc.exe
2⤵
PID:556

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bfa20-951f-11ec-babf-4ea9000dfafc.exe
2⤵
PID:1908

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d80c0-951f-11ec-badb-4ea9000dfafc.exe
2⤵
PID:1740

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014dcee0-951f-11ec-badf-4ea9000dfafc.exe
2⤵
PID:1524

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ff1c0-951f-11ec-bafd-4ea9000dfafc.exe
2⤵
PID:1152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012a8f70-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:1972

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0153c250-951f-11ec-bb1d-4ea9000dfafc.exe
2⤵
PID:480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb35-4ea9000dfafc.exe
2⤵
PID:1064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0157e100-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:1744

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158cb60-951f-11ec-bb3e-4ea9000dfafc.exe
2⤵
PID:912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0159b5c0-951f-11ec-bb4c-4ea9000dfafc.exe
2⤵
PID:584

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d3830-951f-11ec-bb63-4ea9000dfafc.exe
2⤵
PID:896

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e2290-951f-11ec-bb6c-4ea9000dfafc.exe
2⤵
PID:2000

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb7e-4ea9000dfafc.exe
2⤵
PID:1980

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb86-4ea9000dfafc.exe
2⤵
PID:2004

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160baa0-951f-11ec-bb96-4ea9000dfafc.exe
2⤵
PID:288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012a4150-951f-11ec-ba62-4ea9000dfafc.exe
2⤵
PID:2016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0163c7e0-951f-11ec-bba2-4ea9000dfafc.exe
2⤵
PID:1740

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0164b240-951f-11ec-bbac-4ea9000dfafc.exe
2⤵
PID:1064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013a9500-951f-11ec-ba65-4ea9000dfafc.exe
2⤵
PID:1988

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013d2d10-951f-11ec-ba67-4ea9000dfafc.exe
2⤵
PID:1152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aa020-951f-11ec-bb51-4ea9000dfafc.exe
2⤵
PID:2052

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015cc300-951f-11ec-bb61-4ea9000dfafc.exe
2⤵
PID:2064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161f320-951f-11ec-bba1-4ea9000dfafc.exe
2⤵
PID:2072

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013edac0-951f-11ec-ba68-4ea9000dfafc.exe
2⤵
PID:2080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0163a0d0-951f-11ec-bba2-4ea9000dfafc.exe
2⤵
PID:2088

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013f4ff0-951f-11ec-ba69-4ea9000dfafc.exe
2⤵
PID:2096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013f4ff0-951f-11ec-ba68-4ea9000dfafc.exe
2⤵
PID:2104

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013f4ff0-951f-11ec-ba6a-4ea9000dfafc.exe
2⤵
PID:2112

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013f7700-951f-11ec-ba6a-4ea9000dfafc.exe
2⤵
PID:2120

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01401340-951f-11ec-ba6a-4ea9000dfafc.exe
2⤵
PID:2128

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0153c250-951f-11ec-bb1e-4ea9000dfafc.exe
2⤵
PID:2136

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0140fda0-951f-11ec-ba6a-4ea9000dfafc.exe
2⤵
PID:2144

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014124b0-951f-11ec-ba6b-4ea9000dfafc.exe
2⤵
PID:2152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014124b0-951f-11ec-ba6d-4ea9000dfafc.exe
2⤵
PID:2160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014124b0-951f-11ec-ba6c-4ea9000dfafc.exe
2⤵
PID:2168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba6e-4ea9000dfafc.exe
2⤵
PID:2176

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba6f-4ea9000dfafc.exe
2⤵
PID:2184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba71-4ea9000dfafc.exe
2⤵
PID:2200

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba70-4ea9000dfafc.exe
2⤵
PID:2192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01425d30-951f-11ec-ba6d-4ea9000dfafc.exe
2⤵
PID:2208

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba72-4ea9000dfafc.exe
2⤵
PID:2216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba74-4ea9000dfafc.exe
2⤵
PID:2224

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba73-4ea9000dfafc.exe
2⤵
PID:2232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba75-4ea9000dfafc.exe
2⤵
PID:2240

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba78-4ea9000dfafc.exe
2⤵
PID:2248

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba7a-4ea9000dfafc.exe
2⤵
PID:2256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba79-4ea9000dfafc.exe
2⤵
PID:2264

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba7c-4ea9000dfafc.exe
2⤵
PID:2272

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba7b-4ea9000dfafc.exe
2⤵
PID:2280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba7e-4ea9000dfafc.exe
2⤵
PID:2288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba7d-4ea9000dfafc.exe
2⤵
PID:2296

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba7f-4ea9000dfafc.exe
2⤵
PID:2304

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba81-4ea9000dfafc.exe
2⤵
PID:2312

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba83-4ea9000dfafc.exe
2⤵
PID:2320

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba84-4ea9000dfafc.exe
2⤵
PID:2328

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba85-4ea9000dfafc.exe
2⤵
PID:2336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba86-4ea9000dfafc.exe
2⤵
PID:2344

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba87-4ea9000dfafc.exe
2⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\01371290-951f-11ec-ba64-4ea9000dfafc.exe
01371290-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64\sz170800.cab
2⤵
- Executes dropped EXE
PID:2360

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01440ae0-951f-11ec-ba89-4ea9000dfafc.exe
2⤵
PID:2384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01454360-951f-11ec-ba8b-4ea9000dfafc.exe
2⤵
PID:2404

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0144a720-951f-11ec-ba89-4ea9000dfafc.exe
2⤵
PID:2412

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0144a720-951f-11ec-ba8a-4ea9000dfafc.exe
2⤵
PID:2420

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01473f30-951f-11ec-ba8d-4ea9000dfafc.exe
2⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\012a6860-951f-11ec-ba62-4ea9000dfafc.exe
012a6860-951f-11ec-ba62-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
2⤵
- Executes dropped EXE
PID:2440

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0146a2f0-951f-11ec-ba8c-4ea9000dfafc.exe
2⤵
PID:2496

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01482990-951f-11ec-ba92-4ea9000dfafc.exe
2⤵
PID:2564

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01482990-951f-11ec-ba91-4ea9000dfafc.exe
2⤵
PID:2572

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba98-4ea9000dfafc.exe
2⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe
0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64\jdk1.7.0_80.msi
2⤵
PID:2596

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148c5d0-951f-11ec-ba9a-4ea9000dfafc.exe
2⤵
PID:2616

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-ba9d-4ea9000dfafc.exe
2⤵
PID:2648

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148c5d0-951f-11ec-ba9b-4ea9000dfafc.exe
2⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\013ba670-951f-11ec-ba67-4ea9000dfafc.exe
013ba670-951f-11ec-ba67-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab"
2⤵
- Executes dropped EXE
PID:2664

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-ba9c-4ea9000dfafc.exe
2⤵
PID:2628

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-ba9f-4ea9000dfafc.exe
2⤵
PID:2688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-baa3-4ea9000dfafc.exe
2⤵
PID:2704

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01493b00-951f-11ec-baa5-4ea9000dfafc.exe
2⤵
PID:2788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149d740-951f-11ec-baa6-4ea9000dfafc.exe
2⤵
PID:2812

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01493b00-951f-11ec-baa4-4ea9000dfafc.exe
2⤵
PID:2780

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149fe50-951f-11ec-baa9-4ea9000dfafc.exe
2⤵
PID:2828

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149fe50-951f-11ec-baaa-4ea9000dfafc.exe
2⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\0130f810-951f-11ec-ba64-4ea9000dfafc.exe
0130f810-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76
2⤵
- Executes dropped EXE
PID:2748

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01493b00-951f-11ec-baa3-4ea9000dfafc.exe
2⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\012add90-951f-11ec-ba62-4ea9000dfafc.exe
012add90-951f-11ec-ba62-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi"
2⤵
- Executes dropped EXE
PID:2716

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba97-4ea9000dfafc.exe
2⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\01314630-951f-11ec-ba64-4ea9000dfafc.exe
01314630-951f-11ec-ba64-4ea9000dfafc.exe "C:\\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
2⤵
- Executes dropped EXE
PID:2528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01476640-951f-11ec-ba8f-4ea9000dfafc.exe
2⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll"
2⤵
- Executes dropped EXE
PID:2464

C:\Users\Admin\AppData\Local\Temp\012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe
012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
2⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\013787c0-951f-11ec-ba64-4ea9000dfafc.exe
013787c0-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\AddUnregister.dll
2⤵
PID:2860

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a2560-951f-11ec-baac-4ea9000dfafc.exe
2⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
0142ab50-951f-11ec-ba76-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab"
2⤵
- Executes dropped EXE
PID:2976

C:\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
012e11e0-951f-11ec-ba62-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml"
2⤵
- Executes dropped EXE
PID:3060

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ae8b0-951f-11ec-bab4-4ea9000dfafc.exe
2⤵
PID:2076

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ac1a0-951f-11ec-bab1-4ea9000dfafc.exe
2⤵
PID:2152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bac00-951f-11ec-babd-4ea9000dfafc.exe
2⤵
PID:2156

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b84f0-951f-11ec-babb-4ea9000dfafc.exe
2⤵
PID:2148

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a2560-951f-11ec-baad-4ea9000dfafc.exe
2⤵
PID:2140

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a2560-951f-11ec-baaa-4ea9000dfafc.exe
2⤵
PID:2112

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b5de0-951f-11ec-bab7-4ea9000dfafc.exe
2⤵
PID:2132

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a2560-951f-11ec-baab-4ea9000dfafc.exe
2⤵
PID:2104

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b84f0-951f-11ec-bab9-4ea9000dfafc.exe
2⤵
PID:2116

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b0fc0-951f-11ec-bab6-4ea9000dfafc.exe
2⤵
PID:2100

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ae8b0-951f-11ec-bab3-4ea9000dfafc.exe
2⤵
PID:2092

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b0fc0-951f-11ec-bab5-4ea9000dfafc.exe
2⤵
PID:2084

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a9a90-951f-11ec-bab0-4ea9000dfafc.exe
2⤵
PID:2068

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bfa20-951f-11ec-bac1-4ea9000dfafc.exe
2⤵
PID:2212

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b84f0-951f-11ec-baba-4ea9000dfafc.exe
2⤵
PID:2236

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bfa20-951f-11ec-bac3-4ea9000dfafc.exe
2⤵
PID:2208

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0145dfa0-951f-11ec-ba8b-4ea9000dfafc.exe
2⤵
PID:2216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c6f50-951f-11ec-bad1-4ea9000dfafc.exe
2⤵
PID:2288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d0b90-951f-11ec-bad5-4ea9000dfafc.exe
2⤵
PID:2304

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014da7d0-951f-11ec-badd-4ea9000dfafc.exe
2⤵
PID:2336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014dcee0-951f-11ec-bade-4ea9000dfafc.exe
2⤵
PID:2344

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014dcee0-951f-11ec-bae1-4ea9000dfafc.exe
2⤵
PID:2384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e4410-951f-11ec-bae4-4ea9000dfafc.exe
2⤵
PID:2392

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e4410-951f-11ec-bae1-4ea9000dfafc.exe
2⤵
PID:2424

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e6b20-951f-11ec-bae4-4ea9000dfafc.exe
2⤵
PID:2364

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ee050-951f-11ec-bae9-4ea9000dfafc.exe
2⤵
PID:2444

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ee050-951f-11ec-baec-4ea9000dfafc.exe
2⤵
PID:2484

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ee050-951f-11ec-baea-4ea9000dfafc.exe
2⤵
PID:2496

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f0760-951f-11ec-baec-4ea9000dfafc.exe
2⤵
PID:2552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f2e70-951f-11ec-baf1-4ea9000dfafc.exe
2⤵
PID:2568

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f0760-951f-11ec-baee-4ea9000dfafc.exe
2⤵
PID:2576

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f2e70-951f-11ec-baf3-4ea9000dfafc.exe
2⤵
PID:2620

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f7c90-951f-11ec-baf7-4ea9000dfafc.exe
2⤵
PID:2616

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f7c90-951f-11ec-baf6-4ea9000dfafc.exe
2⤵
PID:2652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014fcab0-951f-11ec-bafb-4ea9000dfafc.exe
2⤵
PID:2600

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014fcab0-951f-11ec-bafa-4ea9000dfafc.exe
2⤵
PID:2636

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014fa3a0-951f-11ec-baf8-4ea9000dfafc.exe
2⤵
PID:2656

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014fa3a0-951f-11ec-bafa-4ea9000dfafc.exe
2⤵
- Executes dropped EXE
PID:2596

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014fcab0-951f-11ec-bafc-4ea9000dfafc.exe
2⤵
PID:2704

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015018d0-951f-11ec-bb02-4ea9000dfafc.exe
2⤵
PID:2788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015066f0-951f-11ec-bb05-4ea9000dfafc.exe
2⤵
PID:2752

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015066f0-951f-11ec-bb04-4ea9000dfafc.exe
2⤵
PID:2820

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015018d0-951f-11ec-baff-4ea9000dfafc.exe
2⤵
PID:2808

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01503fe0-951f-11ec-bb03-4ea9000dfafc.exe
2⤵
PID:2824

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015066f0-951f-11ec-bb03-4ea9000dfafc.exe
2⤵
PID:2832

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150b510-951f-11ec-bb0d-4ea9000dfafc.exe
2⤵
PID:2888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150dc20-951f-11ec-bb0e-4ea9000dfafc.exe
2⤵
PID:2864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ac1a0-951f-11ec-bab0-4ea9000dfafc.exe
2⤵
PID:2908

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150b510-951f-11ec-bb0c-4ea9000dfafc.exe
2⤵
- Executes dropped EXE
PID:2860

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01523bb0-951f-11ec-bb16-4ea9000dfafc.exe
2⤵
PID:2936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015289d0-951f-11ec-bb16-4ea9000dfafc.exe
2⤵
PID:2920

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0152b0e0-951f-11ec-bb18-4ea9000dfafc.exe
2⤵
PID:2952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01539b40-951f-11ec-bb1a-4ea9000dfafc.exe
2⤵
PID:2916

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01545e90-951f-11ec-bb21-4ea9000dfafc.exe
2⤵
PID:1988

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0154acb0-951f-11ec-bb22-4ea9000dfafc.exe
2⤵
PID:2172

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01557000-951f-11ec-bb25-4ea9000dfafc.exe
2⤵
PID:3104

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01557000-951f-11ec-bb27-4ea9000dfafc.exe
2⤵
PID:3112

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0155be20-951f-11ec-bb28-4ea9000dfafc.exe
2⤵
PID:3136

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01560c40-951f-11ec-bb2b-4ea9000dfafc.exe
2⤵
PID:3144

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01560c40-951f-11ec-bb2d-4ea9000dfafc.exe
2⤵
PID:3152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01560c40-951f-11ec-bb2f-4ea9000dfafc.exe
2⤵
PID:3160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0144f540-951f-11ec-ba8a-4ea9000dfafc.exe
2⤵
PID:3168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149d740-951f-11ec-baa5-4ea9000dfafc.exe
2⤵
PID:3176

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0155e530-951f-11ec-bb29-4ea9000dfafc.exe
2⤵
PID:3128

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01576bd0-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:3208

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e9230-951f-11ec-bae4-4ea9000dfafc.exe
2⤵
PID:3248

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158cb60-951f-11ec-bb3f-4ea9000dfafc.exe
2⤵
PID:3256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0159b5c0-951f-11ec-bb4a-4ea9000dfafc.exe
2⤵
PID:3312

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aa020-951f-11ec-bb54-4ea9000dfafc.exe
2⤵
PID:3384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b8a80-951f-11ec-bb5b-4ea9000dfafc.exe
2⤵
PID:3448

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f2e70-951f-11ec-baf2-4ea9000dfafc.exe
2⤵
PID:3496

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015dad60-951f-11ec-bb67-4ea9000dfafc.exe
2⤵
PID:3544

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e2290-951f-11ec-bb6b-4ea9000dfafc.exe
2⤵
PID:3592

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb72-4ea9000dfafc.exe
2⤵
PID:3672

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aa020-951f-11ec-bb53-4ea9000dfafc.exe
2⤵
PID:3736

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb7f-4ea9000dfafc.exe
2⤵
PID:3784

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb83-4ea9000dfafc.exe
2⤵
PID:3832

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015f3400-951f-11ec-bb8f-4ea9000dfafc.exe
2⤵
PID:3888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015f3400-951f-11ec-bb90-4ea9000dfafc.exe
2⤵
PID:3948

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015c4dd0-951f-11ec-bb60-4ea9000dfafc.exe
2⤵
PID:4008

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb99-4ea9000dfafc.exe
2⤵
PID:4048

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb9b-4ea9000dfafc.exe
2⤵
PID:4056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb9d-4ea9000dfafc.exe
2⤵
PID:4080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bba0-4ea9000dfafc.exe
2⤵
PID:4112

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161cc10-951f-11ec-bba0-4ea9000dfafc.exe
2⤵
PID:4120

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0162dd80-951f-11ec-bba1-4ea9000dfafc.exe
2⤵
PID:4160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb9e-4ea9000dfafc.exe
2⤵
PID:4192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01632ba0-951f-11ec-bba2-4ea9000dfafc.exe
2⤵
PID:4228

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01323090-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4244

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01364f40-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4276

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0134efb0-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4316

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01641600-951f-11ec-bba5-4ea9000dfafc.exe
2⤵
PID:4336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01643d10-951f-11ec-bba8-4ea9000dfafc.exe
2⤵
PID:4360

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01646420-951f-11ec-bba9-4ea9000dfafc.exe
2⤵
PID:4384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01648b30-951f-11ec-bbaa-4ea9000dfafc.exe
2⤵
PID:4420

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01648b30-951f-11ec-bbac-4ea9000dfafc.exe
2⤵
PID:4432

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0138e750-951f-11ec-ba65-4ea9000dfafc.exe
2⤵
PID:4468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01650060-951f-11ec-bbae-4ea9000dfafc.exe
2⤵
PID:4504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01440ae0-951f-11ec-ba87-4ea9000dfafc.exe
2⤵
PID:4540

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb2f-4ea9000dfafc.exe
2⤵
PID:4564

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015214a0-951f-11ec-bb15-4ea9000dfafc.exe
2⤵
PID:4592

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d59b0-951f-11ec-bad6-4ea9000dfafc.exe
2⤵
PID:4624

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-baa1-4ea9000dfafc.exe
2⤵
PID:4648

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f2e70-951f-11ec-baf0-4ea9000dfafc.exe
2⤵
PID:4672

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aee40-951f-11ec-bb56-4ea9000dfafc.exe
2⤵
PID:4712

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b6370-951f-11ec-bb5a-4ea9000dfafc.exe
2⤵
PID:4736

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b6370-951f-11ec-bb59-4ea9000dfafc.exe
2⤵
PID:4760

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb7b-4ea9000dfafc.exe
2⤵
PID:4792

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158a450-951f-11ec-bb3c-4ea9000dfafc.exe
2⤵
PID:4816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-bac8-4ea9000dfafc.exe
2⤵
PID:4840

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb31-4ea9000dfafc.exe
2⤵
PID:4856

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ee050-951f-11ec-bae7-4ea9000dfafc.exe
2⤵
PID:4876

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bac00-951f-11ec-babb-4ea9000dfafc.exe
2⤵
PID:4904

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0159b5c0-951f-11ec-bb49-4ea9000dfafc.exe
2⤵
PID:4940

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ff1c0-951f-11ec-bafc-4ea9000dfafc.exe
2⤵
PID:4972

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ae8b0-951f-11ec-bab2-4ea9000dfafc.exe
2⤵
PID:5008

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01591980-951f-11ec-bb44-4ea9000dfafc.exe
2⤵
PID:5032

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bac00-951f-11ec-babc-4ea9000dfafc.exe
2⤵
PID:5068

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a9a90-951f-11ec-baae-4ea9000dfafc.exe
2⤵
PID:5108

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01591980-951f-11ec-bb45-4ea9000dfafc.exe
2⤵
PID:5144

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a7910-951f-11ec-bb4f-4ea9000dfafc.exe
2⤵
PID:5172

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01510330-951f-11ec-bb0f-4ea9000dfafc.exe
2⤵
PID:5208

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aa020-951f-11ec-bb50-4ea9000dfafc.exe
2⤵
PID:5240

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e97c0-951f-11ec-bb8f-4ea9000dfafc.exe
2⤵
PID:5276

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0152d7f0-951f-11ec-bb18-4ea9000dfafc.exe
2⤵
PID:5300

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01541070-951f-11ec-bb1e-4ea9000dfafc.exe
2⤵
PID:5324

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ee050-951f-11ec-bae8-4ea9000dfafc.exe
2⤵
PID:5340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01476640-951f-11ec-ba8e-4ea9000dfafc.exe
2⤵
PID:5368

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01609390-951f-11ec-bb93-4ea9000dfafc.exe
2⤵
PID:5400

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb75-4ea9000dfafc.exe
2⤵
PID:5408

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015ff750-951f-11ec-bb91-4ea9000dfafc.exe
2⤵
PID:5432

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb30-4ea9000dfafc.exe
2⤵
PID:5456

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150b510-951f-11ec-bb0a-4ea9000dfafc.exe
2⤵
PID:5496

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-bac9-4ea9000dfafc.exe
2⤵
PID:5528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160e1b0-951f-11ec-bb97-4ea9000dfafc.exe
2⤵
PID:5540

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01512a40-951f-11ec-bb0f-4ea9000dfafc.exe
2⤵
PID:5580

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015c4dd0-951f-11ec-bb5e-4ea9000dfafc.exe
2⤵
PID:5600

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160baa0-951f-11ec-bb94-4ea9000dfafc.exe
2⤵
PID:5612

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0153c250-951f-11ec-bb1b-4ea9000dfafc.exe
2⤵
PID:5648

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01648b30-951f-11ec-bbab-4ea9000dfafc.exe
2⤵
PID:5684

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01652770-951f-11ec-bbae-4ea9000dfafc.exe
2⤵
PID:5720

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01654e80-951f-11ec-bbaf-4ea9000dfafc.exe
2⤵
PID:5760

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01657590-951f-11ec-bbaf-4ea9000dfafc.exe
2⤵
PID:5784

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013edac0-951f-11ec-ba67-4ea9000dfafc.exe
2⤵
PID:5804

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01508e00-951f-11ec-bb08-4ea9000dfafc.exe
2⤵
PID:5828

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01657590-951f-11ec-bbb0-4ea9000dfafc.exe
2⤵
PID:5856

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f2e70-951f-11ec-baee-4ea9000dfafc.exe
2⤵
PID:5876

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148c5d0-951f-11ec-ba98-4ea9000dfafc.exe
2⤵
PID:5924

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01557000-951f-11ec-bb26-4ea9000dfafc.exe
2⤵
PID:5948

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01541070-951f-11ec-bb21-4ea9000dfafc.exe
2⤵
PID:5984

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158f270-951f-11ec-bb40-4ea9000dfafc.exe
2⤵
PID:6000

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0154d3c0-951f-11ec-bb24-4ea9000dfafc.exe
2⤵
PID:6020

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014431f0-951f-11ec-ba89-4ea9000dfafc.exe
2⤵
PID:6036

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01557000-951f-11ec-bb28-4ea9000dfafc.exe
2⤵
PID:6044

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0144f540-951f-11ec-ba8b-4ea9000dfafc.exe
2⤵
PID:6068

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158a450-951f-11ec-bb3d-4ea9000dfafc.exe
2⤵
PID:6080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01471820-951f-11ec-ba8d-4ea9000dfafc.exe
2⤵
PID:6104

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01467be0-951f-11ec-ba8b-4ea9000dfafc.exe
2⤵
PID:6148

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158a450-951f-11ec-bb3a-4ea9000dfafc.exe
2⤵
PID:6180

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01480280-951f-11ec-ba90-4ea9000dfafc.exe
2⤵
PID:6204

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0147db70-951f-11ec-ba90-4ea9000dfafc.exe
2⤵
PID:6240

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb8d-4ea9000dfafc.exe
2⤵
PID:6280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01612fd0-951f-11ec-bb99-4ea9000dfafc.exe
2⤵
PID:6300

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01496210-951f-11ec-baa5-4ea9000dfafc.exe
2⤵
PID:6324

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a4c70-951f-11ec-baae-4ea9000dfafc.exe
2⤵
PID:6352

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c6f50-951f-11ec-bacf-4ea9000dfafc.exe
2⤵
PID:6388

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148c5d0-951f-11ec-ba99-4ea9000dfafc.exe
2⤵
PID:6424

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b0fc0-951f-11ec-bab4-4ea9000dfafc.exe
2⤵
PID:6460

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b5de0-951f-11ec-bab9-4ea9000dfafc.exe
2⤵
PID:6496

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014b5de0-951f-11ec-bab8-4ea9000dfafc.exe
2⤵
PID:6484

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d3830-951f-11ec-bb61-4ea9000dfafc.exe
2⤵
PID:6472

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01508e00-951f-11ec-bb0a-4ea9000dfafc.exe
2⤵
PID:6448

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015ac730-951f-11ec-bb55-4ea9000dfafc.exe
2⤵
PID:6436

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158a450-951f-11ec-bb38-4ea9000dfafc.exe
2⤵
PID:6412

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01650060-951f-11ec-bbad-4ea9000dfafc.exe
2⤵
PID:6400

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0156cf90-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:6376

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013b5850-951f-11ec-ba66-4ea9000dfafc.exe
2⤵
PID:6364

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0130f810-951f-11ec-ba63-4ea9000dfafc.exe
2⤵
PID:6340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160e1b0-951f-11ec-bb98-4ea9000dfafc.exe
2⤵
PID:6316

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015ff750-951f-11ec-bb92-4ea9000dfafc.exe
2⤵
PID:6288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba93-4ea9000dfafc.exe
2⤵
PID:6264

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb8c-4ea9000dfafc.exe
2⤵
PID:6256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01473f30-951f-11ec-ba8e-4ea9000dfafc.exe
2⤵
PID:6228

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015c74e0-951f-11ec-bb60-4ea9000dfafc.exe
2⤵
PID:6216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01480280-951f-11ec-ba91-4ea9000dfafc.exe
2⤵
PID:6196

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0146ca00-951f-11ec-ba8d-4ea9000dfafc.exe
2⤵
PID:6168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015c26c0-951f-11ec-bb5e-4ea9000dfafc.exe
2⤵
PID:6156

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01560c40-951f-11ec-bb2a-4ea9000dfafc.exe
2⤵
PID:6128

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0146ca00-951f-11ec-ba8c-4ea9000dfafc.exe
2⤵
PID:6116

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01582f20-951f-11ec-bb37-4ea9000dfafc.exe
2⤵
PID:6096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014dcee0-951f-11ec-bae0-4ea9000dfafc.exe
2⤵
PID:6060

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01432080-951f-11ec-ba87-4ea9000dfafc.exe
2⤵
PID:6008

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01519f70-951f-11ec-bb14-4ea9000dfafc.exe
2⤵
PID:5976

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0140fda0-951f-11ec-ba6b-4ea9000dfafc.exe
2⤵
PID:5960

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01423620-951f-11ec-ba6d-4ea9000dfafc.exe
2⤵
PID:5940

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01519f70-951f-11ec-bb13-4ea9000dfafc.exe
2⤵
PID:5912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c9660-951f-11ec-bad3-4ea9000dfafc.exe
2⤵
PID:5904

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01425d30-951f-11ec-ba6e-4ea9000dfafc.exe
2⤵
PID:5888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c9660-951f-11ec-bad4-4ea9000dfafc.exe
2⤵
PID:5864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01414bc0-951f-11ec-ba6d-4ea9000dfafc.exe
2⤵
PID:5840

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a4c70-951f-11ec-baad-4ea9000dfafc.exe
2⤵
PID:5816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013df060-951f-11ec-ba67-4ea9000dfafc.exe
2⤵
PID:5796

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01541070-951f-11ec-bb20-4ea9000dfafc.exe
2⤵
PID:5768

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01654e80-951f-11ec-bbae-4ea9000dfafc.exe
2⤵
PID:5744

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01541070-951f-11ec-bb1f-4ea9000dfafc.exe
2⤵
PID:5732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013b5850-951f-11ec-ba65-4ea9000dfafc.exe
2⤵
PID:5712

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0164d950-951f-11ec-bbac-4ea9000dfafc.exe
2⤵
PID:5696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01557000-951f-11ec-bb24-4ea9000dfafc.exe
2⤵
PID:5672

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01369d60-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:5664

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb9f-4ea9000dfafc.exe
2⤵
PID:5636

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01440ae0-951f-11ec-ba88-4ea9000dfafc.exe
2⤵
PID:5624

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b8a80-951f-11ec-bb5a-4ea9000dfafc.exe
2⤵
PID:5588

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160e1b0-951f-11ec-bb96-4ea9000dfafc.exe
2⤵
PID:5564

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158a450-951f-11ec-bb39-4ea9000dfafc.exe
2⤵
PID:5552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015018d0-951f-11ec-bb00-4ea9000dfafc.exe
2⤵
PID:5520

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b8a80-951f-11ec-bb5c-4ea9000dfafc.exe
2⤵
PID:5504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015ac730-951f-11ec-bb54-4ea9000dfafc.exe
2⤵
PID:5480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b8a80-951f-11ec-bb5d-4ea9000dfafc.exe
2⤵
PID:5468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01517860-951f-11ec-bb10-4ea9000dfafc.exe
2⤵
PID:5444

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba94-4ea9000dfafc.exe
2⤵
PID:5420

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01517860-951f-11ec-bb12-4ea9000dfafc.exe
2⤵
PID:5392

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e2290-951f-11ec-bb6a-4ea9000dfafc.exe
2⤵
PID:5384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb89-4ea9000dfafc.exe
2⤵
PID:5348

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d3830-951f-11ec-bb62-4ea9000dfafc.exe
2⤵
PID:5312

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e4410-951f-11ec-bae3-4ea9000dfafc.exe
2⤵
PID:5292

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb8a-4ea9000dfafc.exe
2⤵
PID:5268

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01517860-951f-11ec-bb11-4ea9000dfafc.exe
2⤵
PID:5252

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01646420-951f-11ec-bba8-4ea9000dfafc.exe
2⤵
PID:5232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01517860-951f-11ec-bb0f-4ea9000dfafc.exe
2⤵
PID:5216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-baa0-4ea9000dfafc.exe
2⤵
PID:5192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01382400-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:5180

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c6f50-951f-11ec-bacc-4ea9000dfafc.exe
2⤵
PID:5156

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-baa2-4ea9000dfafc.exe
2⤵
PID:5132

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb80-4ea9000dfafc.exe
2⤵
PID:5116

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d80c0-951f-11ec-bad9-4ea9000dfafc.exe
2⤵
PID:5092

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e4410-951f-11ec-bae2-4ea9000dfafc.exe
2⤵
PID:5080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb34-4ea9000dfafc.exe
2⤵
PID:5060

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba92-4ea9000dfafc.exe
2⤵
PID:5044

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01560c40-951f-11ec-bb2c-4ea9000dfafc.exe
2⤵
PID:5024

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158a450-951f-11ec-bb3b-4ea9000dfafc.exe
2⤵
PID:5000

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb87-4ea9000dfafc.exe
2⤵
PID:4984

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bfa20-951f-11ec-bac0-4ea9000dfafc.exe
2⤵
PID:4964

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c2130-951f-11ec-bac4-4ea9000dfafc.exe
2⤵
PID:4948

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0152d7f0-951f-11ec-bb19-4ea9000dfafc.exe
2⤵
PID:4924

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d5f40-951f-11ec-bb63-4ea9000dfafc.exe
2⤵
PID:4912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb7d-4ea9000dfafc.exe
2⤵
PID:4888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb81-4ea9000dfafc.exe
2⤵
PID:4864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158cb60-951f-11ec-bb3d-4ea9000dfafc.exe
2⤵
PID:4828

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-bac7-4ea9000dfafc.exe
2⤵
PID:4808

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb7a-4ea9000dfafc.exe
2⤵
PID:4780

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba96-4ea9000dfafc.exe
2⤵
PID:4768

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d80c0-951f-11ec-bada-4ea9000dfafc.exe
2⤵
PID:4744

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b3c60-951f-11ec-bb57-4ea9000dfafc.exe
2⤵
PID:4720

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0149d740-951f-11ec-baa8-4ea9000dfafc.exe
2⤵
PID:4696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015ac730-951f-11ec-bb56-4ea9000dfafc.exe
2⤵
PID:4688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014eb940-951f-11ec-bae7-4ea9000dfafc.exe
2⤵
PID:4660

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c2130-951f-11ec-bac5-4ea9000dfafc.exe
2⤵
PID:4640

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014877b0-951f-11ec-ba95-4ea9000dfafc.exe
2⤵
PID:4616

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a7910-951f-11ec-bb4e-4ea9000dfafc.exe
2⤵
PID:4600

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0142ab50-951f-11ec-ba82-4ea9000dfafc.exe
2⤵
PID:4576

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f2e70-951f-11ec-baef-4ea9000dfafc.exe
2⤵
PID:4552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0145b890-951f-11ec-ba8b-4ea9000dfafc.exe
2⤵
PID:4528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 013a6df0-951f-11ec-ba65-4ea9000dfafc.exe
2⤵
PID:4516

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0164d950-951f-11ec-bbad-4ea9000dfafc.exe
2⤵
PID:4492

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0138c040-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01646420-951f-11ec-bbaa-4ea9000dfafc.exe
2⤵
PID:4460

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0136eb80-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4444

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01345370-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4408

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01362830-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4396

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01641600-951f-11ec-bba8-4ea9000dfafc.exe
2⤵
PID:4376

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01641600-951f-11ec-bba7-4ea9000dfafc.exe
2⤵
PID:4348

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01641600-951f-11ec-bba6-4ea9000dfafc.exe
2⤵
PID:4324

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0163eef0-951f-11ec-bba5-4ea9000dfafc.exe
2⤵
PID:4300

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0163eef0-951f-11ec-bba4-4ea9000dfafc.exe
2⤵
PID:4288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0163eef0-951f-11ec-bba3-4ea9000dfafc.exe
2⤵
PID:4268

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0163eef0-951f-11ec-bba2-4ea9000dfafc.exe
2⤵
PID:4252

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161cc10-951f-11ec-bba1-4ea9000dfafc.exe
2⤵
PID:4220

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01319450-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:4204

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01632ba0-951f-11ec-bba1-4ea9000dfafc.exe
2⤵
PID:4184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012eae20-951f-11ec-ba63-4ea9000dfafc.exe
2⤵
PID:4168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01626850-951f-11ec-bba1-4ea9000dfafc.exe
2⤵
PID:4144

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 012e38f0-951f-11ec-ba63-4ea9000dfafc.exe
2⤵
PID:4136

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb9c-4ea9000dfafc.exe
2⤵
PID:4092

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0161a500-951f-11ec-bb9a-4ea9000dfafc.exe
2⤵
PID:4068

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160baa0-951f-11ec-bb95-4ea9000dfafc.exe
2⤵
PID:4032

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01612fd0-951f-11ec-bb98-4ea9000dfafc.exe
2⤵
PID:4024

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb88-4ea9000dfafc.exe
2⤵
PID:3996

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0160baa0-951f-11ec-bb93-4ea9000dfafc.exe
2⤵
PID:3988

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01609390-951f-11ec-bb92-4ea9000dfafc.exe
2⤵
PID:3976

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015fd040-951f-11ec-bb91-4ea9000dfafc.exe
2⤵
PID:3960

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01606c80-951f-11ec-bb92-4ea9000dfafc.exe
2⤵
PID:3936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015cc300-951f-11ec-bb60-4ea9000dfafc.exe
2⤵
PID:3924

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb8b-4ea9000dfafc.exe
2⤵
PID:3916

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0155e530-951f-11ec-bb2a-4ea9000dfafc.exe
2⤵
PID:3904

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e97c0-951f-11ec-bb8e-4ea9000dfafc.exe
2⤵
PID:3876

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a7910-951f-11ec-bb50-4ea9000dfafc.exe
2⤵
PID:3864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e97c0-951f-11ec-bb8d-4ea9000dfafc.exe
2⤵
PID:3852

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e2290-951f-11ec-bb69-4ea9000dfafc.exe
2⤵
PID:3844

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb82-4ea9000dfafc.exe
2⤵
PID:3816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb85-4ea9000dfafc.exe
2⤵
PID:3804

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb84-4ea9000dfafc.exe
2⤵
PID:3792

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-ba9e-4ea9000dfafc.exe
2⤵
PID:3768

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb6d-4ea9000dfafc.exe
2⤵
PID:3756

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0138c040-951f-11ec-ba65-4ea9000dfafc.exe
2⤵
PID:3748

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb79-4ea9000dfafc.exe
2⤵
PID:3720

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb78-4ea9000dfafc.exe
2⤵
PID:3708

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb76-4ea9000dfafc.exe
2⤵
PID:3696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb74-4ea9000dfafc.exe
2⤵
PID:3688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015066f0-951f-11ec-bb06-4ea9000dfafc.exe
2⤵
PID:3660

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb70-4ea9000dfafc.exe
2⤵
PID:3652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb71-4ea9000dfafc.exe
2⤵
PID:3640

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb6e-4ea9000dfafc.exe
2⤵
PID:3624

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb6f-4ea9000dfafc.exe
2⤵
PID:3612

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb6c-4ea9000dfafc.exe
2⤵
PID:3604

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015dd470-951f-11ec-bb68-4ea9000dfafc.exe
2⤵
PID:3576

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015dfb80-951f-11ec-bb69-4ea9000dfafc.exe
2⤵
PID:3564

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015dfb80-951f-11ec-bb68-4ea9000dfafc.exe
2⤵
PID:3556

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015dd470-951f-11ec-bb67-4ea9000dfafc.exe
2⤵
PID:3528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015dad60-951f-11ec-bb66-4ea9000dfafc.exe
2⤵
PID:3516

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d5f40-951f-11ec-bb66-4ea9000dfafc.exe
2⤵
PID:3504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d5f40-951f-11ec-bb65-4ea9000dfafc.exe
2⤵
PID:3480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01591980-951f-11ec-bb42-4ea9000dfafc.exe
2⤵
PID:3468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015d5f40-951f-11ec-bb64-4ea9000dfafc.exe
2⤵
PID:3460

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015c4dd0-951f-11ec-bb5f-4ea9000dfafc.exe
2⤵
PID:3432

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b8a80-951f-11ec-bb5e-4ea9000dfafc.exe
2⤵
PID:3420

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b6370-951f-11ec-bb58-4ea9000dfafc.exe
2⤵
PID:3408

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015b3c60-951f-11ec-bb58-4ea9000dfafc.exe
2⤵
PID:3400

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aa020-951f-11ec-bb52-4ea9000dfafc.exe
2⤵
PID:3376

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a5200-951f-11ec-bb4e-4ea9000dfafc.exe
2⤵
PID:3368

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01598eb0-951f-11ec-bb48-4ea9000dfafc.exe
2⤵
PID:3360

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a2af0-951f-11ec-bb4e-4ea9000dfafc.exe
2⤵
PID:3352

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a03e0-951f-11ec-bb4d-4ea9000dfafc.exe
2⤵
PID:3344

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0159b5c0-951f-11ec-bb4d-4ea9000dfafc.exe
2⤵
PID:3336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01598eb0-951f-11ec-bb49-4ea9000dfafc.exe
2⤵
PID:3328

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01591980-951f-11ec-bb46-4ea9000dfafc.exe
2⤵
PID:3320

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01598eb0-951f-11ec-bb47-4ea9000dfafc.exe
2⤵
PID:3304

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01594090-951f-11ec-bb47-4ea9000dfafc.exe
2⤵
PID:3296

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01594090-951f-11ec-bb46-4ea9000dfafc.exe
2⤵
PID:3288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158f270-951f-11ec-bb41-4ea9000dfafc.exe
2⤵
PID:3280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158f270-951f-11ec-bb42-4ea9000dfafc.exe
2⤵
PID:3272

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01591980-951f-11ec-bb43-4ea9000dfafc.exe
2⤵
PID:3264

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01582f20-951f-11ec-bb38-4ea9000dfafc.exe
2⤵
PID:3240

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014913f0-951f-11ec-baa3-4ea9000dfafc.exe
2⤵
PID:3232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0156f6a0-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:3224

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01580810-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:3216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0157b9f0-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:3200

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb33-4ea9000dfafc.exe
2⤵
PID:3192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01563350-951f-11ec-bb2f-4ea9000dfafc.exe
2⤵
PID:3184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01559710-951f-11ec-bb28-4ea9000dfafc.exe
2⤵
PID:3120

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015548f0-951f-11ec-bb24-4ea9000dfafc.exe
2⤵
PID:3096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0154d3c0-951f-11ec-bb23-4ea9000dfafc.exe
2⤵
PID:3088

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0154acb0-951f-11ec-bb23-4ea9000dfafc.exe
2⤵
PID:3080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015485a0-951f-11ec-bb22-4ea9000dfafc.exe
2⤵
PID:2168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015485a0-951f-11ec-bb21-4ea9000dfafc.exe
2⤵
PID:2232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0152d7f0-951f-11ec-bb1a-4ea9000dfafc.exe
2⤵
PID:3016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0153c250-951f-11ec-bb1c-4ea9000dfafc.exe
2⤵
PID:3020

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0152b0e0-951f-11ec-bb17-4ea9000dfafc.exe
2⤵
PID:2056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015289d0-951f-11ec-bb17-4ea9000dfafc.exe
2⤵
PID:2052

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-bacb-4ea9000dfafc.exe
2⤵
PID:3024

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ff1c0-951f-11ec-bafe-4ea9000dfafc.exe
2⤵
PID:3056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01517860-951f-11ec-bb13-4ea9000dfafc.exe
2⤵
PID:3048

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c9660-951f-11ec-bad1-4ea9000dfafc.exe
2⤵
PID:2940

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150dc20-951f-11ec-bb0f-4ea9000dfafc.exe
2⤵
- Executes dropped EXE
PID:2836

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01508e00-951f-11ec-bb09-4ea9000dfafc.exe
2⤵
PID:2884

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150b510-951f-11ec-bb0b-4ea9000dfafc.exe
2⤵
PID:2828

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01508e00-951f-11ec-bb07-4ea9000dfafc.exe
2⤵
PID:2768

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015066f0-951f-11ec-bb07-4ea9000dfafc.exe
2⤵
PID:2720

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01503fe0-951f-11ec-bb02-4ea9000dfafc.exe
2⤵
PID:2780

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015018d0-951f-11ec-bb01-4ea9000dfafc.exe
2⤵
PID:2736

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ff1c0-951f-11ec-baff-4ea9000dfafc.exe
2⤵
PID:2740

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f7c90-951f-11ec-baf8-4ea9000dfafc.exe
2⤵
PID:2632

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f5580-951f-11ec-baf6-4ea9000dfafc.exe
2⤵
PID:2504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f5580-951f-11ec-baf5-4ea9000dfafc.exe
2⤵
PID:2512

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f5580-951f-11ec-baf4-4ea9000dfafc.exe
2⤵
PID:2588

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f5580-951f-11ec-baf3-4ea9000dfafc.exe
2⤵
PID:2592

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014f0760-951f-11ec-baed-4ea9000dfafc.exe
2⤵
PID:2532

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ee050-951f-11ec-baeb-4ea9000dfafc.exe
2⤵
PID:2500

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014eb940-951f-11ec-bae6-4ea9000dfafc.exe
2⤵
PID:2508

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e9230-951f-11ec-bae5-4ea9000dfafc.exe
2⤵
PID:2432

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014e9230-951f-11ec-bae6-4ea9000dfafc.exe
2⤵
PID:2396

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d80c0-951f-11ec-badd-4ea9000dfafc.exe
2⤵
PID:2416

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014df5f0-951f-11ec-bae1-4ea9000dfafc.exe
2⤵
PID:2352

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014da7d0-951f-11ec-bade-4ea9000dfafc.exe
2⤵
PID:2320

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d59b0-951f-11ec-bad5-4ea9000dfafc.exe
2⤵
PID:2324

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d59b0-951f-11ec-bad9-4ea9000dfafc.exe
2⤵
PID:2312

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c9660-951f-11ec-bad2-4ea9000dfafc.exe
2⤵
PID:2280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d0b90-951f-11ec-bad4-4ea9000dfafc.exe
2⤵
PID:2300

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d32a0-951f-11ec-bad5-4ea9000dfafc.exe
2⤵
PID:2256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c6f50-951f-11ec-bace-4ea9000dfafc.exe
2⤵
PID:2284

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-bacc-4ea9000dfafc.exe
2⤵
PID:2268

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-bac6-4ea9000dfafc.exe
2⤵
PID:2248

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c2130-951f-11ec-bac6-4ea9000dfafc.exe
2⤵
PID:2192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c2130-951f-11ec-bac3-4ea9000dfafc.exe
2⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
0142ab50-951f-11ec-ba77-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\UnprotectGroup.css
2⤵
- Executes dropped EXE
PID:2172

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014a9a90-951f-11ec-baaf-4ea9000dfafc.exe
2⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba67-4ea9000dfafc.exe
013b5850-951f-11ec-ba67-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\ExportResolve.xlsx
2⤵
- Executes dropped EXE
PID:3024

C:\Users\Admin\AppData\Local\Temp\013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\GrantCheckpoint.html
2⤵
- Executes dropped EXE
PID:2936

C:\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
012e11e0-951f-11ec-ba63-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi"
2⤵
- Executes dropped EXE
PID:2916

C:\Users\Admin\AppData\Local\Temp\014395b0-951f-11ec-ba87-4ea9000dfafc.exe
014395b0-951f-11ec-ba87-4ea9000dfafc.exe C:\\Users\Admin\Documents\Opened.docx
2⤵
- Executes dropped EXE
PID:6508

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d59b0-951f-11ec-bad7-4ea9000dfafc.exe
2⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba80-4ea9000dfafc.exe
0142ab50-951f-11ec-ba80-4ea9000dfafc.exe C:\\Users\Admin\Desktop\TestFormat.jpg
2⤵
- Executes dropped EXE
PID:6532

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0150dc20-951f-11ec-bb0d-4ea9000dfafc.exe
2⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\0147db70-951f-11ec-ba8f-4ea9000dfafc.exe
0147db70-951f-11ec-ba8f-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Links\Suggested Sites.url"
2⤵
- Executes dropped EXE
PID:6660

C:\Users\Admin\AppData\Local\Temp\015e2290-951f-11ec-bb6c-4ea9000dfafc.exe
015e2290-951f-11ec-bb6c-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt
2⤵
- Executes dropped EXE
PID:6716

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0146a2f0-951f-11ec-ba8b-4ea9000dfafc.exe
2⤵
PID:6724

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bfa20-951f-11ec-babe-4ea9000dfafc.exe
2⤵
PID:6732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:6740

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0148ece0-951f-11ec-ba9b-4ea9000dfafc.exe
2⤵
PID:6748

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01582f20-951f-11ec-bb36-4ea9000dfafc.exe
2⤵
PID:6768

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015a2af0-951f-11ec-bb4d-4ea9000dfafc.exe
2⤵
PID:6776

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb73-4ea9000dfafc.exe
2⤵
PID:6784

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d80c0-951f-11ec-badc-4ea9000dfafc.exe
2⤵
PID:6792

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015aee40-951f-11ec-bb57-4ea9000dfafc.exe
2⤵
PID:6800

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015bb190-951f-11ec-bb5e-4ea9000dfafc.exe
2⤵
PID:6808

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0159b5c0-951f-11ec-bb4b-4ea9000dfafc.exe
2⤵
PID:6816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014ae8b0-951f-11ec-bab1-4ea9000dfafc.exe
2⤵
PID:6824

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c6f50-951f-11ec-bacd-4ea9000dfafc.exe
2⤵
PID:6832

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01565a60-951f-11ec-bb2f-4ea9000dfafc.exe
2⤵
PID:6840

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01568170-951f-11ec-bb32-4ea9000dfafc.exe
2⤵
PID:6848

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c6f50-951f-11ec-bad0-4ea9000dfafc.exe
2⤵
PID:6856

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014bfa20-951f-11ec-bac2-4ea9000dfafc.exe
2⤵
PID:6864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb7c-4ea9000dfafc.exe
2⤵
PID:6872

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01560c40-951f-11ec-bb2e-4ea9000dfafc.exe
2⤵
PID:6880

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014fa3a0-951f-11ec-baf9-4ea9000dfafc.exe
2⤵
PID:6888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014c4840-951f-11ec-baca-4ea9000dfafc.exe
2⤵
PID:6896

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015e49a0-951f-11ec-bb77-4ea9000dfafc.exe
2⤵
PID:6904

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0153c250-951f-11ec-bb1a-4ea9000dfafc.exe
2⤵
PID:6912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015fd040-951f-11ec-bb90-4ea9000dfafc.exe
2⤵
PID:6920

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 01523bb0-951f-11ec-bb15-4ea9000dfafc.exe
2⤵
PID:6928

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 014d59b0-951f-11ec-bad8-4ea9000dfafc.exe
2⤵
PID:6944

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0158f270-951f-11ec-bb3f-4ea9000dfafc.exe
2⤵
PID:6936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0155be20-951f-11ec-bb29-4ea9000dfafc.exe
2⤵
PID:6952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 015214a0-951f-11ec-bb14-4ea9000dfafc.exe
2⤵
PID:6960

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0137aed0-951f-11ec-ba64-4ea9000dfafc.exe
2⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\012a8f70-951f-11ec-ba62-4ea9000dfafc.exe
012a8f70-951f-11ec-ba62-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab"
2⤵
- Executes dropped EXE
PID:6984

C:\Users\Admin\AppData\Local\Temp\014dcee0-951f-11ec-badf-4ea9000dfafc.exe
014dcee0-951f-11ec-badf-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml"
2⤵
- Executes dropped EXE
PID:6976

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb7e-4ea9000dfafc.exe
015e49a0-951f-11ec-bb7e-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
2⤵
- Executes dropped EXE
PID:6992

C:\Users\Admin\AppData\Local\Temp\014d80c0-951f-11ec-badb-4ea9000dfafc.exe
014d80c0-951f-11ec-badb-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png"
2⤵
- Executes dropped EXE
PID:7000

C:\Users\Admin\AppData\Local\Temp\014bac00-951f-11ec-babe-4ea9000dfafc.exe
014bac00-951f-11ec-babe-4ea9000dfafc.exe C:\\Users\Admin\Pictures\PingBlock.png
2⤵
- Executes dropped EXE
PID:7024

C:\Users\Admin\AppData\Local\Temp\0153c250-951f-11ec-bb1d-4ea9000dfafc.exe
0153c250-951f-11ec-bb1d-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp"
2⤵
- Executes dropped EXE
PID:7048

C:\Users\Admin\AppData\Local\Temp\0158cb60-951f-11ec-bb3e-4ea9000dfafc.exe
0158cb60-951f-11ec-bb3e-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistUI1DE3.txt
2⤵
- Executes dropped EXE
PID:7096

C:\Users\Admin\AppData\Local\Temp\012a4150-951f-11ec-ba62-4ea9000dfafc.exe
012a4150-951f-11ec-ba62-4ea9000dfafc.exe C:\\vcredist2010_x86.log.html
2⤵
- Executes dropped EXE
PID:7116

C:\Users\Admin\AppData\Local\Temp\0159b5c0-951f-11ec-bb4c-4ea9000dfafc.exe
0159b5c0-951f-11ec-bb4c-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290\msapplication.xml"
2⤵
- Executes dropped EXE
PID:7124

C:\Users\Admin\AppData\Local\Temp\01568170-951f-11ec-bb35-4ea9000dfafc.exe
01568170-951f-11ec-bb35-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links"
2⤵
- Executes dropped EXE
PID:7132

C:\Users\Admin\AppData\Local\Temp\014ff1c0-951f-11ec-bafd-4ea9000dfafc.exe
014ff1c0-951f-11ec-bafd-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\fr-FR\resource.xml"
2⤵
- Executes dropped EXE
PID:7164

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb86-4ea9000dfafc.exe
015e49a0-951f-11ec-bb86-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata"
2⤵
- Executes dropped EXE
PID:2012

C:\Users\Admin\AppData\Local\Temp\0149d740-951f-11ec-baa7-4ea9000dfafc.exe
0149d740-951f-11ec-baa7-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE"
2⤵
- Executes dropped EXE
PID:2116

C:\Users\Admin\AppData\Local\Temp\0157e100-951f-11ec-bb36-4ea9000dfafc.exe
0157e100-951f-11ec-bb36-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_0"
2⤵
- Executes dropped EXE
PID:2120

C:\Users\Admin\AppData\Local\Temp\0149fe50-951f-11ec-baa8-4ea9000dfafc.exe
0149fe50-951f-11ec-baa8-4ea9000dfafc.exe C:\\Users\Admin\Music\FormatPublish.pdf
2⤵
- Executes dropped EXE
PID:2140

C:\Users\Admin\AppData\Local\Temp\015d3830-951f-11ec-bb63-4ea9000dfafc.exe
015d3830-951f-11ec-bb63-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab"
2⤵
- Executes dropped EXE
PID:2084

C:\Users\Admin\AppData\Local\Temp\014bd310-951f-11ec-babe-4ea9000dfafc.exe
014bd310-951f-11ec-babe-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml"
2⤵
- Executes dropped EXE
PID:2104

C:\Users\Admin\AppData\Local\Temp\014bfa20-951f-11ec-babf-4ea9000dfafc.exe
014bfa20-951f-11ec-babf-4ea9000dfafc.exe C:\\Users\Admin\Pictures\PublishNew.jpg
2⤵
- Executes dropped EXE
PID:2068

C:\Users\Admin\AppData\Local\Temp\014b5de0-951f-11ec-bab6-4ea9000dfafc.exe
014b5de0-951f-11ec-bab6-4ea9000dfafc.exe C:\\Users\Admin\NetHood
2⤵
- Executes dropped EXE
PID:268

C:\Users\Admin\AppData\Local\Temp\015aa020-951f-11ec-bb51-4ea9000dfafc.exe
015aa020-951f-11ec-bb51-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
2⤵
- Executes dropped EXE
PID:2480

C:\Users\Admin\AppData\Local\Temp\0160baa0-951f-11ec-bb96-4ea9000dfafc.exe
0160baa0-951f-11ec-bb96-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
2⤵
- Executes dropped EXE
PID:2612

C:\Users\Admin\AppData\Local\Temp\013a9500-951f-11ec-ba65-4ea9000dfafc.exe
013a9500-951f-11ec-ba65-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\DisableInitialize.cab
2⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\013edac0-951f-11ec-ba68-4ea9000dfafc.exe
013edac0-951f-11ec-ba68-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\GroupDeny.dll
2⤵
- Executes dropped EXE
PID:2856

C:\Users\Admin\AppData\Local\Temp\013d2d10-951f-11ec-ba67-4ea9000dfafc.exe
013d2d10-951f-11ec-ba67-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
- Executes dropped EXE
PID:3044

C:\Users\Admin\AppData\Local\Temp\0161f320-951f-11ec-bba1-4ea9000dfafc.exe
0161f320-951f-11ec-bba1-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0"
2⤵
- Executes dropped EXE
PID:1720

C:\Users\Admin\AppData\Local\Temp\0163c7e0-951f-11ec-bba2-4ea9000dfafc.exe
0163c7e0-951f-11ec-bba2-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History"
2⤵
- Executes dropped EXE
PID:2380

C:\Users\Admin\AppData\Local\Temp\0164b240-951f-11ec-bbac-4ea9000dfafc.exe
0164b240-951f-11ec-bbac-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL"
2⤵
- Executes dropped EXE
PID:2228

C:\Users\Admin\AppData\Local\Temp\013f4ff0-951f-11ec-ba69-4ea9000dfafc.exe
013f4ff0-951f-11ec-ba69-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\CREDHIST
2⤵
- Executes dropped EXE
PID:2676

C:\Users\Admin\AppData\Local\Temp\015cc300-951f-11ec-bb61-4ea9000dfafc.exe
015cc300-951f-11ec-bb61-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
2⤵
- Executes dropped EXE
PID:2536

C:\Users\Admin\AppData\Local\Temp\013f7700-951f-11ec-ba6a-4ea9000dfafc.exe
013f7700-951f-11ec-ba6a-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1405931862-909307831-4085185274-1000\de3585ab-c5a0-4152-b6e6-a02dc814678c
2⤵
- Executes dropped EXE
PID:2548

C:\Users\Admin\AppData\Local\Temp\013f4ff0-951f-11ec-ba68-4ea9000dfafc.exe
013f4ff0-951f-11ec-ba68-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1405931862-909307831-4085185274-1000\0f5007522459c86e95ffcc62f32308f1_1a933a73-4d03-4b91-8cac-7b66f466e846
2⤵
- Executes dropped EXE
PID:2668

C:\Users\Admin\AppData\Local\Temp\014124b0-951f-11ec-ba6d-4ea9000dfafc.exe
014124b0-951f-11ec-ba6d-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\faxxuvis.default-release\SecurityPreloadState.txt
2⤵
- Executes dropped EXE
PID:2376

C:\Users\Admin\AppData\Local\Temp\0163a0d0-951f-11ec-bba2-4ea9000dfafc.exe
0163a0d0-951f-11ec-bba2-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico"
2⤵
- Executes dropped EXE
PID:1740

C:\Users\Admin\AppData\Local\Temp\01401340-951f-11ec-ba6a-4ea9000dfafc.exe
01401340-951f-11ec-ba6a-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi"
2⤵
- Executes dropped EXE
PID:3068

C:\Users\Admin\AppData\Local\Temp\014124b0-951f-11ec-ba6b-4ea9000dfafc.exe
014124b0-951f-11ec-ba6b-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20200403170909"
2⤵
- Executes dropped EXE
PID:1064

C:\Users\Admin\AppData\Local\Temp\0140fda0-951f-11ec-ba6a-4ea9000dfafc.exe
0140fda0-951f-11ec-ba6a-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml"
2⤵
- Executes dropped EXE
PID:2192

C:\Users\Admin\AppData\Local\Temp\013f4ff0-951f-11ec-ba6a-4ea9000dfafc.exe
013f4ff0-951f-11ec-ba6a-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1405931862-909307831-4085185274-1000\Preferred
2⤵
- Executes dropped EXE
PID:2336

C:\Users\Admin\AppData\Local\Temp\0153c250-951f-11ec-bb1e-4ea9000dfafc.exe
0153c250-951f-11ec-bb1e-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp"
2⤵
- Executes dropped EXE
PID:2416

C:\Users\Admin\AppData\Local\Temp\014124b0-951f-11ec-ba6c-4ea9000dfafc.exe
014124b0-951f-11ec-ba6c-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\faxxuvis.default-release\AlternateServices.txt
2⤵
- Executes dropped EXE
PID:2292

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba6e-4ea9000dfafc.exe
0142ab50-951f-11ec-ba6e-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml"
2⤵
- Executes dropped EXE
PID:2332

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba71-4ea9000dfafc.exe
0142ab50-951f-11ec-ba71-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab"
2⤵
- Executes dropped EXE
PID:2284

C:\Users\Admin\AppData\Local\Temp\01425d30-951f-11ec-ba6d-4ea9000dfafc.exe
01425d30-951f-11ec-ba6d-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\faxxuvis.default-release\pkcs11.txt
2⤵
- Executes dropped EXE
PID:2576

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba72-4ea9000dfafc.exe
0142ab50-951f-11ec-ba72-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi"
2⤵
- Executes dropped EXE
PID:2528

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba6f-4ea9000dfafc.exe
0142ab50-951f-11ec-ba6f-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
- Executes dropped EXE
PID:2564

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba73-4ea9000dfafc.exe
0142ab50-951f-11ec-ba73-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml"
2⤵
- Executes dropped EXE
PID:2484

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba74-4ea9000dfafc.exe
0142ab50-951f-11ec-ba74-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\faxxuvis.default-release\pluginreg.dat
2⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba78-4ea9000dfafc.exe
0142ab50-951f-11ec-ba78-4ea9000dfafc.exe "C:\\Users\Admin\Application Data"
2⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba70-4ea9000dfafc.exe
0142ab50-951f-11ec-ba70-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba75-4ea9000dfafc.exe
0142ab50-951f-11ec-ba75-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\SelectConnect.cab
2⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba7b-4ea9000dfafc.exe
0142ab50-951f-11ec-ba7b-4ea9000dfafc.exe C:\\Users\Admin\Desktop\ApproveCheckpoint.avi
2⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba7f-4ea9000dfafc.exe
0142ab50-951f-11ec-ba7f-4ea9000dfafc.exe C:\\Users\Admin\Desktop\RestartFormat.avi
2⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba83-4ea9000dfafc.exe
0142ab50-951f-11ec-ba83-4ea9000dfafc.exe C:\\Users\Admin\Documents\Are.docx
2⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba7d-4ea9000dfafc.exe
0142ab50-951f-11ec-ba7d-4ea9000dfafc.exe C:\\Users\Admin\Desktop\ConvertToDebug.zip
2⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba86-4ea9000dfafc.exe
0142ab50-951f-11ec-ba86-4ea9000dfafc.exe "C:\\Users\Admin\Documents\My Music"
2⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba7c-4ea9000dfafc.exe
0142ab50-951f-11ec-ba7c-4ea9000dfafc.exe C:\\Users\Admin\Desktop\BackupUninstall.vsd
2⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba84-4ea9000dfafc.exe
0142ab50-951f-11ec-ba84-4ea9000dfafc.exe C:\\Users\Admin\Documents\CompressDismount.xps
2⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba87-4ea9000dfafc.exe
0142ab50-951f-11ec-ba87-4ea9000dfafc.exe "C:\\Users\Admin\Documents\My Pictures"
2⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba81-4ea9000dfafc.exe
0142ab50-951f-11ec-ba81-4ea9000dfafc.exe C:\\Users\Admin\Desktop\WaitUndo.doc
2⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba79-4ea9000dfafc.exe
0142ab50-951f-11ec-ba79-4ea9000dfafc.exe C:\\Users\Admin\Contacts\Admin.contact
2⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba7e-4ea9000dfafc.exe
0142ab50-951f-11ec-ba7e-4ea9000dfafc.exe C:\\Users\Admin\Desktop\EnableUnlock.xml
2⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba85-4ea9000dfafc.exe
0142ab50-951f-11ec-ba85-4ea9000dfafc.exe C:\\Users\Admin\Documents\Files.docx
2⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba7a-4ea9000dfafc.exe
0142ab50-951f-11ec-ba7a-4ea9000dfafc.exe C:\\Users\Admin\Cookies
2⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\01473f30-951f-11ec-ba8d-4ea9000dfafc.exe
01473f30-951f-11ec-ba8d-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi"
2⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\01440ae0-951f-11ec-ba89-4ea9000dfafc.exe
01440ae0-951f-11ec-ba89-4ea9000dfafc.exe C:\\Users\Admin\Documents\These.docx
2⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\01454360-951f-11ec-ba8b-4ea9000dfafc.exe
01454360-951f-11ec-ba8b-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab"
2⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\0144a720-951f-11ec-ba89-4ea9000dfafc.exe
0144a720-951f-11ec-ba89-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml"
2⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\0144a720-951f-11ec-ba8a-4ea9000dfafc.exe
0144a720-951f-11ec-ba8a-4ea9000dfafc.exe C:\\Users\Admin\Documents\UnlockRevoke.xls
2⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\0146a2f0-951f-11ec-ba8c-4ea9000dfafc.exe
0146a2f0-951f-11ec-ba8c-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab"
2⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\01482990-951f-11ec-ba92-4ea9000dfafc.exe
01482990-951f-11ec-ba92-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab"
2⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\01476640-951f-11ec-ba8f-4ea9000dfafc.exe
01476640-951f-11ec-ba8f-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13290092064104400"
2⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\01482990-951f-11ec-ba91-4ea9000dfafc.exe
01482990-951f-11ec-ba91-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Links\Web Slice Gallery.url"
2⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\014877b0-951f-11ec-ba98-4ea9000dfafc.exe
014877b0-951f-11ec-ba98-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi"
2⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\014877b0-951f-11ec-ba97-4ea9000dfafc.exe
014877b0-951f-11ec-ba97-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\MSN Websites\MSN Autos.url"
2⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\0148c5d0-951f-11ec-ba9a-4ea9000dfafc.exe
0148c5d0-951f-11ec-ba9a-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\MSN Websites\MSN Sports.url"
2⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-ba9d-4ea9000dfafc.exe
0148ece0-951f-11ec-ba9d-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Microsoft Websites\IE Add-on site.url"
2⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\0148c5d0-951f-11ec-ba9b-4ea9000dfafc.exe
0148c5d0-951f-11ec-ba9b-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml"
2⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-ba9c-4ea9000dfafc.exe
0148ece0-951f-11ec-ba9c-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\MSN Websites\MSNBC News.url"
2⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\01493b00-951f-11ec-baa5-4ea9000dfafc.exe
01493b00-951f-11ec-baa5-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OFFICE\DocumentRepository.ico
2⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-ba9f-4ea9000dfafc.exe
0148ece0-951f-11ec-ba9f-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Microsoft Websites\Microsoft At Home.url"
2⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\0149d740-951f-11ec-baa6-4ea9000dfafc.exe
0149d740-951f-11ec-baa6-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll"
2⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-baa3-4ea9000dfafc.exe
0148ece0-951f-11ec-baa3-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi"
2⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\0149fe50-951f-11ec-baaa-4ea9000dfafc.exe
0149fe50-951f-11ec-baaa-4ea9000dfafc.exe C:\\Users\Admin\Music\GetResolve.xps
2⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\01493b00-951f-11ec-baa3-4ea9000dfafc.exe
01493b00-951f-11ec-baa3-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml"
2⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\01493b00-951f-11ec-baa4-4ea9000dfafc.exe
01493b00-951f-11ec-baa4-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Microsoft Websites\Microsoft Store.url"
2⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\0149fe50-951f-11ec-baa9-4ea9000dfafc.exe
0149fe50-951f-11ec-baa9-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab"
2⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\014a2560-951f-11ec-baac-4ea9000dfafc.exe
014a2560-951f-11ec-baac-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi"
2⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\014a9a90-951f-11ec-baaf-4ea9000dfafc.exe
014a9a90-951f-11ec-baaf-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml"
2⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\014ae8b0-951f-11ec-bab3-4ea9000dfafc.exe
014ae8b0-951f-11ec-bab3-4ea9000dfafc.exe C:\\Users\Admin\NTUSER.DAT
2⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\014b5de0-951f-11ec-bab7-4ea9000dfafc.exe
014b5de0-951f-11ec-bab7-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab"
2⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\014b84f0-951f-11ec-bab9-4ea9000dfafc.exe
014b84f0-951f-11ec-bab9-4ea9000dfafc.exe C:\\Users\Admin\Pictures\ConvertWait.jpg
2⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\014a2560-951f-11ec-baad-4ea9000dfafc.exe
014a2560-951f-11ec-baad-4ea9000dfafc.exe C:\\Users\Admin\Music\SubmitSave.xls
2⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\014ae8b0-951f-11ec-bab4-4ea9000dfafc.exe
014ae8b0-951f-11ec-bab4-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\msvcr90.dll"
2⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\014bac00-951f-11ec-babd-4ea9000dfafc.exe
014bac00-951f-11ec-babd-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi"
2⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\014a2560-951f-11ec-baab-4ea9000dfafc.exe
014a2560-951f-11ec-baab-4ea9000dfafc.exe C:\\Users\Admin\Music\StartLimit.xlsx
2⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\014b0fc0-951f-11ec-bab5-4ea9000dfafc.exe
014b0fc0-951f-11ec-bab5-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm"
2⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\014a2560-951f-11ec-baaa-4ea9000dfafc.exe
014a2560-951f-11ec-baaa-4ea9000dfafc.exe C:\\Users\Admin\Music\PopPing.docx
2⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\014b84f0-951f-11ec-babb-4ea9000dfafc.exe
014b84f0-951f-11ec-babb-4ea9000dfafc.exe C:\\Users\Admin\Pictures\NewSearch.ico
2⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\014a9a90-951f-11ec-bab0-4ea9000dfafc.exe
014a9a90-951f-11ec-bab0-4ea9000dfafc.exe "C:\\Users\Admin\My Documents"
2⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\014b0fc0-951f-11ec-bab6-4ea9000dfafc.exe
014b0fc0-951f-11ec-bab6-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm"
2⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\014ac1a0-951f-11ec-bab1-4ea9000dfafc.exe
014ac1a0-951f-11ec-bab1-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml"
2⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\014c2130-951f-11ec-bac3-4ea9000dfafc.exe
014c2130-951f-11ec-bac3-4ea9000dfafc.exe C:\\Users\Admin\Pictures\ResolveStep.bmp
2⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\014bfa20-951f-11ec-bac3-4ea9000dfafc.exe
014bfa20-951f-11ec-bac3-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml"
2⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\0145dfa0-951f-11ec-ba8b-4ea9000dfafc.exe
0145dfa0-951f-11ec-ba8b-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi"
2⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\014bfa20-951f-11ec-bac1-4ea9000dfafc.exe
014bfa20-951f-11ec-bac1-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccLR.cab"
2⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\014b84f0-951f-11ec-baba-4ea9000dfafc.exe
014b84f0-951f-11ec-baba-4ea9000dfafc.exe C:\\Users\Admin\Pictures\NewEnable.png
2⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\014d0b90-951f-11ec-bad5-4ea9000dfafc.exe
014d0b90-951f-11ec-bad5-4ea9000dfafc.exe C:\\Users\Default\Cookies
2⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\014d0b90-951f-11ec-bad4-4ea9000dfafc.exe
014d0b90-951f-11ec-bad4-4ea9000dfafc.exe C:\\ProgramData\Documents
2⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\014c2130-951f-11ec-bac6-4ea9000dfafc.exe
014c2130-951f-11ec-bac6-4ea9000dfafc.exe C:\\Users\Admin\Pictures\Wallpaper.jpg
2⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\014da7d0-951f-11ec-badd-4ea9000dfafc.exe
014da7d0-951f-11ec-badd-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png"
2⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\014df5f0-951f-11ec-bae1-4ea9000dfafc.exe
014df5f0-951f-11ec-bae1-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png"
2⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\014ee050-951f-11ec-baea-4ea9000dfafc.exe
014ee050-951f-11ec-baea-4ea9000dfafc.exe "C:\\Users\Public\Documents\My Music"
2⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\014d80c0-951f-11ec-badd-4ea9000dfafc.exe
014d80c0-951f-11ec-badd-4ea9000dfafc.exe "C:\\Users\Default\Local Settings"
2⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\014c6f50-951f-11ec-bace-4ea9000dfafc.exe
014c6f50-951f-11ec-bace-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\014d59b0-951f-11ec-bad9-4ea9000dfafc.exe
014d59b0-951f-11ec-bad9-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml"
2⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\014c9660-951f-11ec-bad2-4ea9000dfafc.exe
014c9660-951f-11ec-bad2-4ea9000dfafc.exe "C:\\ProgramData\Application Data"
2⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\014d59b0-951f-11ec-bad5-4ea9000dfafc.exe
014d59b0-951f-11ec-bad5-4ea9000dfafc.exe "C:\\Users\Default\Documents\My Pictures"
2⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\014dcee0-951f-11ec-bade-4ea9000dfafc.exe
014dcee0-951f-11ec-bade-4ea9000dfafc.exe C:\\Users\Default\NTUSER.DAT
2⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\014f5580-951f-11ec-baf5-4ea9000dfafc.exe
014f5580-951f-11ec-baf5-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Desert.jpg"
2⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\014f5580-951f-11ec-baf4-4ea9000dfafc.exe
014f5580-951f-11ec-baf4-4ea9000dfafc.exe "C:\\Users\Public\Music\Sample Music\Sleep Away.mp3"
2⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\014d32a0-951f-11ec-bad5-4ea9000dfafc.exe
014d32a0-951f-11ec-bad5-4ea9000dfafc.exe "C:\\Users\Default\Documents\My Music"
2⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\014f0760-951f-11ec-baee-4ea9000dfafc.exe
014f0760-951f-11ec-baee-4ea9000dfafc.exe "C:\\Users\Public\Music\Sample Music\Kalimba.mp3"
2⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\014da7d0-951f-11ec-bade-4ea9000dfafc.exe
014da7d0-951f-11ec-bade-4ea9000dfafc.exe "C:\\Users\Default\My Documents"
2⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\014f7c90-951f-11ec-baf7-4ea9000dfafc.exe
014f7c90-951f-11ec-baf7-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg"
2⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\014f2e70-951f-11ec-baf1-4ea9000dfafc.exe
014f2e70-951f-11ec-baf1-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico"
2⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\014ee050-951f-11ec-baec-4ea9000dfafc.exe
014ee050-951f-11ec-baec-4ea9000dfafc.exe "C:\\Users\Public\Documents\My Videos"
2⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\014f2e70-951f-11ec-baf3-4ea9000dfafc.exe
014f2e70-951f-11ec-baf3-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico"
2⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\01508e00-951f-11ec-bb09-4ea9000dfafc.exe
01508e00-951f-11ec-bb09-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp"
2⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\014ee050-951f-11ec-baeb-4ea9000dfafc.exe
014ee050-951f-11ec-baeb-4ea9000dfafc.exe "C:\\Users\Public\Documents\My Pictures"
2⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\014c4840-951f-11ec-bacc-4ea9000dfafc.exe
014c4840-951f-11ec-bacc-4ea9000dfafc.exe "C:\\Users\All Users"
2⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\014c6f50-951f-11ec-bad1-4ea9000dfafc.exe
014c6f50-951f-11ec-bad1-4ea9000dfafc.exe "C:\\Users\Default\AppData\Local\Temporary Internet Files"
2⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\014e9230-951f-11ec-bae6-4ea9000dfafc.exe
014e9230-951f-11ec-bae6-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\es-ES\resource.xml"
2⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\014c4840-951f-11ec-bac6-4ea9000dfafc.exe
014c4840-951f-11ec-bac6-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\branding.xml"
2⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\014e4410-951f-11ec-bae4-4ea9000dfafc.exe
014e4410-951f-11ec-bae4-4ea9000dfafc.exe "C:\\Users\Default\Start Menu"
2⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\014f5580-951f-11ec-baf3-4ea9000dfafc.exe
014f5580-951f-11ec-baf3-4ea9000dfafc.exe "C:\\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3"
2⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\014f0760-951f-11ec-baec-4ea9000dfafc.exe
014f0760-951f-11ec-baec-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico"
2⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\014e6b20-951f-11ec-bae4-4ea9000dfafc.exe
014e6b20-951f-11ec-bae4-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OFFICE\MySharePoints.ico
2⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\014dcee0-951f-11ec-bae1-4ea9000dfafc.exe
014dcee0-951f-11ec-bae1-4ea9000dfafc.exe C:\\Users\Default\PrintHood
2⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\014eb940-951f-11ec-bae6-4ea9000dfafc.exe
014eb940-951f-11ec-bae6-4ea9000dfafc.exe "C:\\Users\Default User"
2⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\01503fe0-951f-11ec-bb03-4ea9000dfafc.exe
01503fe0-951f-11ec-bb03-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico
2⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\014e4410-951f-11ec-bae1-4ea9000dfafc.exe
014e4410-951f-11ec-bae1-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\de-DE\resource.xml"
2⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\015066f0-951f-11ec-bb05-4ea9000dfafc.exe
015066f0-951f-11ec-bb05-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
2⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\0160baa0-951f-11ec-bb95-4ea9000dfafc.exe
0160baa0-951f-11ec-bb95-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
2⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bba0-4ea9000dfafc.exe
0161a500-951f-11ec-bba0-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001"
2⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\0140fda0-951f-11ec-ba6b-4ea9000dfafc.exe
0140fda0-951f-11ec-ba6b-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\01425d30-951f-11ec-ba6e-4ea9000dfafc.exe
01425d30-951f-11ec-ba6e-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi"
2⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\015066f0-951f-11ec-bb07-4ea9000dfafc.exe
015066f0-951f-11ec-bb07-4ea9000dfafc.exe C:\\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
2⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bb9d-4ea9000dfafc.exe
0161a500-951f-11ec-bb9d-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg"
2⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\01598eb0-951f-11ec-bb49-4ea9000dfafc.exe
01598eb0-951f-11ec-bb49-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\container.dat"
2⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\014ee050-951f-11ec-bae9-4ea9000dfafc.exe
014ee050-951f-11ec-bae9-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ja-JP\resource.xml"
2⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\014ff1c0-951f-11ec-baff-4ea9000dfafc.exe
014ff1c0-951f-11ec-baff-4ea9000dfafc.exe "C:\\Users\Public\Videos\Sample Videos\Wildlife.wmv"
2⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\014f5580-951f-11ec-baf6-4ea9000dfafc.exe
014f5580-951f-11ec-baf6-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\de-DE\resource.xml"
2⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\014f7c90-951f-11ec-baf8-4ea9000dfafc.exe
014f7c90-951f-11ec-baf8-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml"
2⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\012e38f0-951f-11ec-ba63-4ea9000dfafc.exe
012e38f0-951f-11ec-ba63-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml"
2⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\014fcab0-951f-11ec-bafa-4ea9000dfafc.exe
014fcab0-951f-11ec-bafa-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg"
2⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\0150dc20-951f-11ec-bb0e-4ea9000dfafc.exe
0150dc20-951f-11ec-bb0e-4ea9000dfafc.exe C:\\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll
2⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\0153c250-951f-11ec-bb1b-4ea9000dfafc.exe
0153c250-951f-11ec-bb1b-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp"
2⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\01519f70-951f-11ec-bb13-4ea9000dfafc.exe
01519f70-951f-11ec-bb13-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp"
2⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\01319450-951f-11ec-ba64-4ea9000dfafc.exe
01319450-951f-11ec-ba64-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\01364f40-951f-11ec-ba64-4ea9000dfafc.exe
01364f40-951f-11ec-ba64-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe"
2⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\01480280-951f-11ec-ba90-4ea9000dfafc.exe
01480280-951f-11ec-ba90-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml"
2⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\015ac730-951f-11ec-bb54-4ea9000dfafc.exe
015ac730-951f-11ec-bb54-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\1BBC7759CBC162CA4A6DD44B4D4454193297867E
2⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\014c4840-951f-11ec-bac9-4ea9000dfafc.exe
014c4840-951f-11ec-bac9-4ea9000dfafc.exe C:\\Users\Admin\SendTo
2⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\015c4dd0-951f-11ec-bb5e-4ea9000dfafc.exe
015c4dd0-951f-11ec-bb5e-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab"
2⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\0158a450-951f-11ec-bb39-4ea9000dfafc.exe
0158a450-951f-11ec-bb39-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version"
2⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\015c4dd0-951f-11ec-bb60-4ea9000dfafc.exe
015c4dd0-951f-11ec-bb60-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\C4483C658D2353FC3956D815B401B6561FFA153E
2⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\014fa3a0-951f-11ec-bafa-4ea9000dfafc.exe
014fa3a0-951f-11ec-bafa-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\es-ES\resource.xml"
2⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\0156cf90-951f-11ec-bb36-4ea9000dfafc.exe
0156cf90-951f-11ec-bb36-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data"
2⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\0163eef0-951f-11ec-bba2-4ea9000dfafc.exe
0163eef0-951f-11ec-bba2-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal"
2⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\014e9230-951f-11ec-bae5-4ea9000dfafc.exe
014e9230-951f-11ec-bae5-4ea9000dfafc.exe C:\\Users\Default\Templates
2⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\0158a450-951f-11ec-bb3a-4ea9000dfafc.exe
0158a450-951f-11ec-bb3a-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State"
2⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\01414bc0-951f-11ec-ba6d-4ea9000dfafc.exe
01414bc0-951f-11ec-ba6d-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\faxxuvis.default-release\SiteSecurityServiceState.txt
2⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\015a03e0-951f-11ec-bb4d-4ea9000dfafc.exe
015a03e0-951f-11ec-bb4d-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt"
2⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\015066f0-951f-11ec-bb03-4ea9000dfafc.exe
015066f0-951f-11ec-bb03-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico"
2⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\014b5de0-951f-11ec-bab9-4ea9000dfafc.exe
014b5de0-951f-11ec-bab9-4ea9000dfafc.exe C:\\Users\Admin\Pictures\ConvertToWatch.jpeg
2⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\014a4c70-951f-11ec-baae-4ea9000dfafc.exe
014a4c70-951f-11ec-baae-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml"
2⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\014f0760-951f-11ec-baed-4ea9000dfafc.exe
014f0760-951f-11ec-baed-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico"
2⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\01632ba0-951f-11ec-bba1-4ea9000dfafc.exe
01632ba0-951f-11ec-bba1-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3"
2⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\0158a450-951f-11ec-bb3d-4ea9000dfafc.exe
0158a450-951f-11ec-bb3d-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1"
2⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\0163eef0-951f-11ec-bba5-4ea9000dfafc.exe
0163eef0-951f-11ec-bba5-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG"
2⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\01654e80-951f-11ec-bbae-4ea9000dfafc.exe
01654e80-951f-11ec-bbae-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001"
2⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\01496210-951f-11ec-baa5-4ea9000dfafc.exe
01496210-951f-11ec-baa5-4ea9000dfafc.exe "C:\\Users\Admin\Local Settings"
2⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\015aa020-951f-11ec-bb53-4ea9000dfafc.exe
015aa020-951f-11ec-bb53-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsYSw=
2⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\015aa020-951f-11ec-bb52-4ea9000dfafc.exe
015aa020-951f-11ec-bb52-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUs
2⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb83-4ea9000dfafc.exe
015e49a0-951f-11ec-bb83-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21
2⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\0164d950-951f-11ec-bbac-4ea9000dfafc.exe
0164d950-951f-11ec-bbac-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal"
2⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\01612fd0-951f-11ec-bb99-4ea9000dfafc.exe
01612fd0-951f-11ec-bb99-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
2⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\01432080-951f-11ec-ba87-4ea9000dfafc.exe
01432080-951f-11ec-ba87-4ea9000dfafc.exe "C:\\Users\Admin\Documents\My Videos"
2⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\01560c40-951f-11ec-bb2a-4ea9000dfafc.exe
01560c40-951f-11ec-bb2a-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK"
2⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\015b8a80-951f-11ec-bb5c-4ea9000dfafc.exe
015b8a80-951f-11ec-bb5c-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\9B0482F4CCDB33BB647AF69825EA127CC02AD57E
2⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb8c-4ea9000dfafc.exe
015e49a0-951f-11ec-bb8c-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat"
2⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\01545e90-951f-11ec-bb21-4ea9000dfafc.exe
01545e90-951f-11ec-bb21-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\index"
2⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\014f7c90-951f-11ec-baf6-4ea9000dfafc.exe
014f7c90-951f-11ec-baf6-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg"
2⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\0154d3c0-951f-11ec-bb24-4ea9000dfafc.exe
0154d3c0-951f-11ec-bb24-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp"
2⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\0163eef0-951f-11ec-bba3-4ea9000dfafc.exe
0163eef0-951f-11ec-bba3-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT"
2⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bb9c-4ea9000dfafc.exe
0161a500-951f-11ec-bb9c-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\0162dd80-951f-11ec-bba1-4ea9000dfafc.exe
0162dd80-951f-11ec-bba1-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2"
2⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\01471820-951f-11ec-ba8d-4ea9000dfafc.exe
01471820-951f-11ec-ba8d-4ea9000dfafc.exe C:\\Users\Admin\Downloads\SyncSkip.jpg
2⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\01523bb0-951f-11ec-bb16-4ea9000dfafc.exe
01523bb0-951f-11ec-bb16-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001"
2⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\014dcee0-951f-11ec-bae0-4ea9000dfafc.exe
014dcee0-951f-11ec-bae0-4ea9000dfafc.exe C:\\Users\Default\NetHood
2⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\014c9660-951f-11ec-bad3-4ea9000dfafc.exe
014c9660-951f-11ec-bad3-4ea9000dfafc.exe C:\\ProgramData\Desktop
2⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\0138c040-951f-11ec-ba64-4ea9000dfafc.exe
0138c040-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
2⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\01473f30-951f-11ec-ba8e-4ea9000dfafc.exe
01473f30-951f-11ec-ba8e-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml"
2⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\01560c40-951f-11ec-bb2d-4ea9000dfafc.exe
01560c40-951f-11ec-bb2d-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites"
2⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\0144f540-951f-11ec-ba8a-4ea9000dfafc.exe
0144f540-951f-11ec-ba8a-4ea9000dfafc.exe C:\\Users\Admin\Downloads\InitializeRestore.txt
2⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\015b8a80-951f-11ec-bb5d-4ea9000dfafc.exe
015b8a80-951f-11ec-bb5d-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\A9CD9A35F7588F07426AF0917E6F3EDE3BDBCF6B
2⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\0161cc10-951f-11ec-bba1-4ea9000dfafc.exe
0161cc10-951f-11ec-bba1-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal"
2⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\015ff750-951f-11ec-bb92-4ea9000dfafc.exe
015ff750-951f-11ec-bb92-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001"
2⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\0153c250-951f-11ec-bb1c-4ea9000dfafc.exe
0153c250-951f-11ec-bb1c-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp"
2⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\01503fe0-951f-11ec-bb02-4ea9000dfafc.exe
01503fe0-951f-11ec-bb02-4ea9000dfafc.exe C:\\vcredist2010_x86.log-MSI_vc_red.msi.txt
2⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\0158a450-951f-11ec-bb38-4ea9000dfafc.exe
0158a450-951f-11ec-bb38-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index"
2⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\01591980-951f-11ec-bb43-4ea9000dfafc.exe
01591980-951f-11ec-bb43-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\HN51W9NV\fwlink[1]"
2⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\0150b510-951f-11ec-bb0b-4ea9000dfafc.exe
0150b510-951f-11ec-bb0b-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico"
2⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\014a4c70-951f-11ec-baad-4ea9000dfafc.exe
014a4c70-951f-11ec-baad-4ea9000dfafc.exe C:\\Users\Admin\Music\TestNew.ico
2⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bb9e-4ea9000dfafc.exe
0161a500-951f-11ec-bb9e-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK"
2⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\0150b510-951f-11ec-bb0d-4ea9000dfafc.exe
0150b510-951f-11ec-bb0d-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp"
2⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\015aa020-951f-11ec-bb50-4ea9000dfafc.exe
015aa020-951f-11ec-bb50-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
2⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\015a7910-951f-11ec-bb4f-4ea9000dfafc.exe
015a7910-951f-11ec-bb4f-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
2⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb8b-4ea9000dfafc.exe
015e49a0-951f-11ec-bb8b-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
2⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\01476640-951f-11ec-ba8e-4ea9000dfafc.exe
01476640-951f-11ec-ba8e-4ea9000dfafc.exe C:\\Users\Admin\Downloads\UnpublishRedo.rtf
2⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\01423620-951f-11ec-ba6d-4ea9000dfafc.exe
01423620-951f-11ec-ba6d-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab"
2⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\015a7910-951f-11ec-bb50-4ea9000dfafc.exe
015a7910-951f-11ec-bb50-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab"
2⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\014e9230-951f-11ec-bae4-4ea9000dfafc.exe
014e9230-951f-11ec-bae4-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml"
2⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\0130f810-951f-11ec-ba63-4ea9000dfafc.exe
0130f810-951f-11ec-ba63-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab"
2⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bb9b-4ea9000dfafc.exe
0161a500-951f-11ec-bb9b-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\01568170-951f-11ec-bb30-4ea9000dfafc.exe
01568170-951f-11ec-bb30-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp"
2⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb84-4ea9000dfafc.exe
015e49a0-951f-11ec-bb84-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Application Data"
2⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\01632ba0-951f-11ec-bba2-4ea9000dfafc.exe
01632ba0-951f-11ec-bba2-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index"
2⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\0159b5c0-951f-11ec-bb4a-4ea9000dfafc.exe
0159b5c0-951f-11ec-bb4a-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{05DC6F20-94A2-11EC-A34F-6E44B9307EE0}.dat"
2⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\01580810-951f-11ec-bb36-4ea9000dfafc.exe
01580810-951f-11ec-bb36-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1"
2⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb74-4ea9000dfafc.exe
015e49a0-951f-11ec-bb74-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\ose00000.exe
2⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\014c9660-951f-11ec-bad1-4ea9000dfafc.exe
014c9660-951f-11ec-bad1-4ea9000dfafc.exe C:\\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml
2⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\015b8a80-951f-11ec-bb5b-4ea9000dfafc.exe
015b8a80-951f-11ec-bb5b-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\97E8D217D59733C5DAC8BF6D74564B40D930A09A
2⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\015dad60-951f-11ec-bb67-4ea9000dfafc.exe
015dad60-951f-11ec-bb67-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab"
2⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\01609390-951f-11ec-bb93-4ea9000dfafc.exe
01609390-951f-11ec-bb93-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24
2⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\015289d0-951f-11ec-bb17-4ea9000dfafc.exe
015289d0-951f-11ec-bb17-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index"
2⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\015e2290-951f-11ec-bb69-4ea9000dfafc.exe
015e2290-951f-11ec-bb69-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab"
2⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\015b3c60-951f-11ec-bb58-4ea9000dfafc.exe
015b3c60-951f-11ec-bb58-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\6D4934FE31BFAF4563C9C133D9CEB4B986FB5CA0
2⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\015018d0-951f-11ec-bb02-4ea9000dfafc.exe
015018d0-951f-11ec-bb02-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\ja-JP\resource.xml"
2⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\01508e00-951f-11ec-bb07-4ea9000dfafc.exe
01508e00-951f-11ec-bb07-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico"
2⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\015066f0-951f-11ec-bb04-4ea9000dfafc.exe
015066f0-951f-11ec-bb04-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico
2⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\015dfb80-951f-11ec-bb69-4ea9000dfafc.exe
015dfb80-951f-11ec-bb69-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20220223_115949392.html"
2⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\014fcab0-951f-11ec-bafc-4ea9000dfafc.exe
014fcab0-951f-11ec-bafc-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Tulips.jpg"
2⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb82-4ea9000dfafc.exe
015e49a0-951f-11ec-bb82-4ea9000dfafc.exe C:\\ProgramData\Templates
2⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb70-4ea9000dfafc.exe
015e49a0-951f-11ec-bb70-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistUI1E44.txt
2⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\015ff750-951f-11ec-bb91-4ea9000dfafc.exe
015ff750-951f-11ec-bb91-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3"
2⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\014877b0-951f-11ec-ba94-4ea9000dfafc.exe
014877b0-951f-11ec-ba94-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi"
2⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\014fcab0-951f-11ec-bafb-4ea9000dfafc.exe
014fcab0-951f-11ec-bafb-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Penguins.jpg"
2⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\015018d0-951f-11ec-baff-4ea9000dfafc.exe
015018d0-951f-11ec-baff-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\it-IT\resource.xml"
2⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\014fa3a0-951f-11ec-baf8-4ea9000dfafc.exe
014fa3a0-951f-11ec-baf8-4ea9000dfafc.exe "C:\\Users\Public\Pictures\Sample Pictures\Koala.jpg"
2⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\015e97c0-951f-11ec-bb8e-4ea9000dfafc.exe
015e97c0-951f-11ec-bb8e-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E11E75149C17A93653DA7DC0B8CF53F_8F360D4ACE5D7CEC2FF3EF4F09601250
2⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\01568170-951f-11ec-bb31-4ea9000dfafc.exe
01568170-951f-11ec-bb31-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp"
2⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\01517860-951f-11ec-bb12-4ea9000dfafc.exe
01517860-951f-11ec-bb12-4ea9000dfafc.exe C:\\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
2⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\01643d10-951f-11ec-bba8-4ea9000dfafc.exe
01643d10-951f-11ec-bba8-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History-journal"
2⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\014431f0-951f-11ec-ba89-4ea9000dfafc.exe
014431f0-951f-11ec-ba89-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi"
2⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\0154acb0-951f-11ec-bb23-4ea9000dfafc.exe
0154acb0-951f-11ec-bb23-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp"
2⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb76-4ea9000dfafc.exe
015e49a0-951f-11ec-bb76-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E11E75149C17A93653DA7DC0B8CF53F_8F360D4ACE5D7CEC2FF3EF4F09601250
2⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\0152b0e0-951f-11ec-bb17-4ea9000dfafc.exe
0152b0e0-951f-11ec-bb17-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp"
2⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\015485a0-951f-11ec-bb22-4ea9000dfafc.exe
015485a0-951f-11ec-bb22-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp"
2⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-ba9e-4ea9000dfafc.exe
0148ece0-951f-11ec-ba9e-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url"
2⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb75-4ea9000dfafc.exe
015e49a0-951f-11ec-bb75-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Temporary Internet Files"
2⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\015548f0-951f-11ec-bb24-4ea9000dfafc.exe
015548f0-951f-11ec-bb24-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\MANIFEST-000001"
2⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb8a-4ea9000dfafc.exe
015e49a0-951f-11ec-bb8a-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
2⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\0134efb0-951f-11ec-ba64-4ea9000dfafc.exe
0134efb0-951f-11ec-ba64-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll"
2⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\014e4410-951f-11ec-bae3-4ea9000dfafc.exe
014e4410-951f-11ec-bae3-4ea9000dfafc.exe C:\\Users\Default\SendTo
2⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\014ff1c0-951f-11ec-bafc-4ea9000dfafc.exe
014ff1c0-951f-11ec-bafc-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico"
2⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\01557000-951f-11ec-bb26-4ea9000dfafc.exe
01557000-951f-11ec-bb26-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOCK"
2⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\0161cc10-951f-11ec-bba0-4ea9000dfafc.exe
0161cc10-951f-11ec-bba0-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons"
2⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-baa0-4ea9000dfafc.exe
0148ece0-951f-11ec-baa0-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab"
2⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\01591980-951f-11ec-bb45-4ea9000dfafc.exe
01591980-951f-11ec-bb45-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\HPDMG12Q\fwlink[1]"
2⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\01641600-951f-11ec-bba7-4ea9000dfafc.exe
01641600-951f-11ec-bba7-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal"
2⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb7f-4ea9000dfafc.exe
015e49a0-951f-11ec-bb7f-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
2⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\014c2130-951f-11ec-bac4-4ea9000dfafc.exe
014c2130-951f-11ec-bac4-4ea9000dfafc.exe C:\\Users\Admin\Pictures\SendResolve.jpg
2⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\01517860-951f-11ec-bb0f-4ea9000dfafc.exe
01517860-951f-11ec-bb0f-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp"
2⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\01641600-951f-11ec-bba6-4ea9000dfafc.exe
01641600-951f-11ec-bba6-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"
2⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb72-4ea9000dfafc.exe
015e49a0-951f-11ec-bb72-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20220223_120012_980.txt
2⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\015dd470-951f-11ec-bb67-4ea9000dfafc.exe
015dd470-951f-11ec-bb67-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi"
2⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb6c-4ea9000dfafc.exe
015e49a0-951f-11ec-bb6c-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
2⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\014ff1c0-951f-11ec-bafe-4ea9000dfafc.exe
014ff1c0-951f-11ec-bafe-4ea9000dfafc.exe "C:\\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv"
2⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\014c4840-951f-11ec-bacb-4ea9000dfafc.exe
014c4840-951f-11ec-bacb-4ea9000dfafc.exe C:\\Users\Admin\Templates
2⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\0146ca00-951f-11ec-ba8c-4ea9000dfafc.exe
0146ca00-951f-11ec-ba8c-4ea9000dfafc.exe C:\\Users\Admin\Downloads\SelectRequest.vsd
2⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\015b8a80-951f-11ec-bb5a-4ea9000dfafc.exe
015b8a80-951f-11ec-bb5a-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\94782C45DA6D1B2803CD3FD06F4F5E71BFF2B38D
2⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\014ee050-951f-11ec-bae8-4ea9000dfafc.exe
014ee050-951f-11ec-bae8-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\it-IT\resource.xml"
2⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\0148c5d0-951f-11ec-ba99-4ea9000dfafc.exe
0148c5d0-951f-11ec-ba99-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\MSN Websites\MSN Money.url"
2⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\01591980-951f-11ec-bb44-4ea9000dfafc.exe
01591980-951f-11ec-bb44-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\HN51W9NV\fwlink[2]"
2⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\01606c80-951f-11ec-bb92-4ea9000dfafc.exe
01606c80-951f-11ec-bb92-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index"
2⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\01609390-951f-11ec-bb92-4ea9000dfafc.exe
01609390-951f-11ec-bb92-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index"
2⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\01557000-951f-11ec-bb27-4ea9000dfafc.exe
01557000-951f-11ec-bb27-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG"
2⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\015c74e0-951f-11ec-bb60-4ea9000dfafc.exe
015c74e0-951f-11ec-bb60-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\2924701964\zmstage.exe
2⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\015f3400-951f-11ec-bb8f-4ea9000dfafc.exe
015f3400-951f-11ec-bb8f-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE
2⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\0157b9f0-951f-11ec-bb36-4ea9000dfafc.exe
0157b9f0-951f-11ec-bb36-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\First Run"
2⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\014f2e70-951f-11ec-baf0-4ea9000dfafc.exe
014f2e70-951f-11ec-baf0-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico"
2⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\0163eef0-951f-11ec-bba4-4ea9000dfafc.exe
0163eef0-951f-11ec-bba4-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK"
2⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\015018d0-951f-11ec-bb01-4ea9000dfafc.exe
015018d0-951f-11ec-bb01-4ea9000dfafc.exe C:\\vcredist2010_x64.log.html
2⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\014f2e70-951f-11ec-baee-4ea9000dfafc.exe
014f2e70-951f-11ec-baee-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml"
2⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\01594090-951f-11ec-bb47-4ea9000dfafc.exe
01594090-951f-11ec-bb47-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\PAHLSM1Y\fwlink[2]"
2⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\01508e00-951f-11ec-bb08-4ea9000dfafc.exe
01508e00-951f-11ec-bb08-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Admin.dat"
2⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb7d-4ea9000dfafc.exe
015e49a0-951f-11ec-bb7d-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
2⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\01517860-951f-11ec-bb10-4ea9000dfafc.exe
01517860-951f-11ec-bb10-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp"
2⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\015fd040-951f-11ec-bb91-4ea9000dfafc.exe
015fd040-951f-11ec-bb91-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_F70553637B9F26717122C4DAFA3ADB11
2⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\015d3830-951f-11ec-bb62-4ea9000dfafc.exe
015d3830-951f-11ec-bb62-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
2⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb78-4ea9000dfafc.exe
015e49a0-951f-11ec-bb78-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_7A0EF9A6B71F8BD440FF79468695184C
2⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\01612fd0-951f-11ec-bb98-4ea9000dfafc.exe
01612fd0-951f-11ec-bb98-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21
2⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\01582f20-951f-11ec-bb37-4ea9000dfafc.exe
01582f20-951f-11ec-bb37-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp"
2⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\0160baa0-951f-11ec-bb93-4ea9000dfafc.exe
0160baa0-951f-11ec-bb93-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index"
2⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\01345370-951f-11ec-ba64-4ea9000dfafc.exe
01345370-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64\sj170800.cab
2⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb6d-4ea9000dfafc.exe
015e49a0-951f-11ec-bb6d-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab"
2⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\0144f540-951f-11ec-ba8b-4ea9000dfafc.exe
0144f540-951f-11ec-ba8b-4ea9000dfafc.exe C:\\Users\Admin\Downloads\MeasureRemove.gif
2⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\013edac0-951f-11ec-ba67-4ea9000dfafc.exe
013edac0-951f-11ec-ba67-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab"
2⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\01557000-951f-11ec-bb24-4ea9000dfafc.exe
01557000-951f-11ec-bb24-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State"
2⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\015a5200-951f-11ec-bb4e-4ea9000dfafc.exe
015a5200-951f-11ec-bb4e-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\rx62z5k\imagestore.dat"
2⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\0158f270-951f-11ec-bb40-4ea9000dfafc.exe
0158f270-951f-11ec-bb40-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index"
2⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\01560c40-951f-11ec-bb2c-4ea9000dfafc.exe
01560c40-951f-11ec-bb2c-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001"
2⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\0158f270-951f-11ec-bb42-4ea9000dfafc.exe
0158f270-951f-11ec-bb42-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp"
2⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\01519f70-951f-11ec-bb14-4ea9000dfafc.exe
01519f70-951f-11ec-bb14-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OFFICE\AssetLibrary.ico
2⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\014b0fc0-951f-11ec-bab4-4ea9000dfafc.exe
014b0fc0-951f-11ec-bab4-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll"
2⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\0150b510-951f-11ec-bb0c-4ea9000dfafc.exe
0150b510-951f-11ec-bb0c-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico"
2⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\01648b30-951f-11ec-bbab-4ea9000dfafc.exe
01648b30-951f-11ec-bbab-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001"
2⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\015066f0-951f-11ec-bb06-4ea9000dfafc.exe
015066f0-951f-11ec-bb06-4ea9000dfafc.exe C:\\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
2⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\0152b0e0-951f-11ec-bb18-4ea9000dfafc.exe
0152b0e0-951f-11ec-bb18-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\the-real-index"
2⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\0138e750-951f-11ec-ba65-4ea9000dfafc.exe
0138e750-951f-11ec-ba65-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\CopyFormat.mp3
2⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\0145b890-951f-11ec-ba8b-4ea9000dfafc.exe
0145b890-951f-11ec-ba8b-4ea9000dfafc.exe C:\\Users\Admin\Downloads\RedoUnprotect.pub
2⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\01582f20-951f-11ec-bb38-4ea9000dfafc.exe
01582f20-951f-11ec-bb38-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3"
2⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\0152d7f0-951f-11ec-bb18-4ea9000dfafc.exe
0152d7f0-951f-11ec-bb18-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp"
2⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\014d59b0-951f-11ec-bad7-4ea9000dfafc.exe
014d59b0-951f-11ec-bad7-4ea9000dfafc.exe C:\\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_1a933a73-4d03-4b91-8cac-7b66f466e846
2⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\01480280-951f-11ec-ba91-4ea9000dfafc.exe
01480280-951f-11ec-ba91-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\01557000-951f-11ec-bb28-4ea9000dfafc.exe
01557000-951f-11ec-bb28-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\MANIFEST-000001"
2⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\01654e80-951f-11ec-bbaf-4ea9000dfafc.exe
01654e80-951f-11ec-bbaf-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0018BB1B5834735BFA60CD063B31956
2⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\01591980-951f-11ec-bb42-4ea9000dfafc.exe
01591980-951f-11ec-bb42-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\History
2⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\014e4410-951f-11ec-bae2-4ea9000dfafc.exe
014e4410-951f-11ec-bae2-4ea9000dfafc.exe C:\\Users\Default\Recent
2⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\0158a450-951f-11ec-bb3c-4ea9000dfafc.exe
0158a450-951f-11ec-bb3c-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0"
2⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\015dad60-951f-11ec-bb66-4ea9000dfafc.exe
015dad60-951f-11ec-bb66-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\Admin.bmp
2⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\014ac1a0-951f-11ec-bab0-4ea9000dfafc.exe
014ac1a0-951f-11ec-bab0-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\01467be0-951f-11ec-ba8b-4ea9000dfafc.exe
01467be0-951f-11ec-ba8b-4ea9000dfafc.exe C:\\Users\Admin\Downloads\SearchRedo.odt
2⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb7b-4ea9000dfafc.exe
015e49a0-951f-11ec-bb7b-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
2⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\014eb940-951f-11ec-bae7-4ea9000dfafc.exe
014eb940-951f-11ec-bae7-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico"
2⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb80-4ea9000dfafc.exe
015e49a0-951f-11ec-bb80-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
2⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\01517860-951f-11ec-bb13-4ea9000dfafc.exe
01517860-951f-11ec-bb13-4ea9000dfafc.exe C:\\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
2⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\014c6f50-951f-11ec-bacf-4ea9000dfafc.exe
014c6f50-951f-11ec-bacf-4ea9000dfafc.exe "C:\\Users\Default\AppData\Local\Application Data"
2⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb6e-4ea9000dfafc.exe
015e49a0-951f-11ec-bb6e-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt
2⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\015ac730-951f-11ec-bb55-4ea9000dfafc.exe
015ac730-951f-11ec-bb55-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\340A10D652987DF5E54312E31F5C22F6E8DBA574
2⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\0154d3c0-951f-11ec-bb23-4ea9000dfafc.exe
0154d3c0-951f-11ec-bb23-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG"
2⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\015a2af0-951f-11ec-bb4e-4ea9000dfafc.exe
015a2af0-951f-11ec-bb4e-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab"
2⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\0155e530-951f-11ec-bb2a-4ea9000dfafc.exe
0155e530-951f-11ec-bb2a-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT"
2⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\015214a0-951f-11ec-bb15-4ea9000dfafc.exe
015214a0-951f-11ec-bb15-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp"
2⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb8d-4ea9000dfafc.exe
015e49a0-951f-11ec-bb8d-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76
2⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\01650060-951f-11ec-bbad-4ea9000dfafc.exe
01650060-951f-11ec-bbad-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT"
2⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\015289d0-951f-11ec-bb16-4ea9000dfafc.exe
015289d0-951f-11ec-bb16-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp"
2⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\013df060-951f-11ec-ba67-4ea9000dfafc.exe
013df060-951f-11ec-ba67-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\GetCompare.avi
2⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\015d5f40-951f-11ec-bb65-4ea9000dfafc.exe
015d5f40-951f-11ec-bb65-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
2⤵
- Suspicious behavior: RenamesItself
PID:3360

C:\Users\Admin\AppData\Local\Temp\014bac00-951f-11ec-babc-4ea9000dfafc.exe
014bac00-951f-11ec-babc-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml"
2⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\01576bd0-951f-11ec-bb36-4ea9000dfafc.exe
01576bd0-951f-11ec-bb36-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp"
2⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\01539b40-951f-11ec-bb1a-4ea9000dfafc.exe
01539b40-951f-11ec-bb1a-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp"
2⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\014c4840-951f-11ec-bac8-4ea9000dfafc.exe
014c4840-951f-11ec-bac8-4ea9000dfafc.exe C:\\Users\Admin\Recent
2⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba65-4ea9000dfafc.exe
013b5850-951f-11ec-ba65-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml"
2⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\014f2e70-951f-11ec-baf2-4ea9000dfafc.exe
014f2e70-951f-11ec-baf2-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml"
2⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\014d80c0-951f-11ec-bada-4ea9000dfafc.exe
014d80c0-951f-11ec-bada-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png"
2⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\01657590-951f-11ec-bbb0-4ea9000dfafc.exe
01657590-951f-11ec-bbb0-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT"
2⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bb99-4ea9000dfafc.exe
0161a500-951f-11ec-bb99-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal"
2⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\014913f0-951f-11ec-baa3-4ea9000dfafc.exe
014913f0-951f-11ec-baa3-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Microsoft Websites\Microsoft At Work.url"
2⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\0158cb60-951f-11ec-bb3d-4ea9000dfafc.exe
0158cb60-951f-11ec-bb3d-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp"
2⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\015485a0-951f-11ec-bb21-4ea9000dfafc.exe
015485a0-951f-11ec-bb21-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\CURRENT"
2⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb87-4ea9000dfafc.exe
015e49a0-951f-11ec-bb87-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\01650060-951f-11ec-bbae-4ea9000dfafc.exe
01650060-951f-11ec-bbae-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK"
2⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\014877b0-951f-11ec-ba93-4ea9000dfafc.exe
014877b0-951f-11ec-ba93-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\Links for United States\USA.gov.url"
2⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb81-4ea9000dfafc.exe
015e49a0-951f-11ec-bb81-4ea9000dfafc.exe "C:\\ProgramData\Start Menu"
2⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\014d59b0-951f-11ec-bad6-4ea9000dfafc.exe
014d59b0-951f-11ec-bad6-4ea9000dfafc.exe C:\\ProgramData\Favorites
2⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\01648b30-951f-11ec-bbac-4ea9000dfafc.exe
01648b30-951f-11ec-bbac-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences"
2⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\01557000-951f-11ec-bb25-4ea9000dfafc.exe
01557000-951f-11ec-bb25-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\CURRENT"
2⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\0160e1b0-951f-11ec-bb97-4ea9000dfafc.exe
0160e1b0-951f-11ec-bb97-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index"
2⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\01541070-951f-11ec-bb1e-4ea9000dfafc.exe
01541070-951f-11ec-bb1e-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0"
2⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\015f3400-951f-11ec-bb90-4ea9000dfafc.exe
015f3400-951f-11ec-bb90-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2"
2⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-baa2-4ea9000dfafc.exe
0148ece0-951f-11ec-baa2-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab"
2⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\01323090-951f-11ec-ba64-4ea9000dfafc.exe
01323090-951f-11ec-ba64-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe"
2⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\0156f6a0-951f-11ec-bb36-4ea9000dfafc.exe
0156f6a0-951f-11ec-bb36-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal"
2⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\0149d740-951f-11ec-baa8-4ea9000dfafc.exe
0149d740-951f-11ec-baa8-4ea9000dfafc.exe C:\\Users\Admin\Music\BackupProtect.xml
2⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\01560c40-951f-11ec-bb2f-4ea9000dfafc.exe
01560c40-951f-11ec-bb2f-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp"
2⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\0161a500-951f-11ec-bb9f-4ea9000dfafc.exe
0161a500-951f-11ec-bb9f-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG"
2⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\0152d7f0-951f-11ec-bb19-4ea9000dfafc.exe
0152d7f0-951f-11ec-bb19-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index"
2⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba66-4ea9000dfafc.exe
013b5850-951f-11ec-ba66-4ea9000dfafc.exe C:\\Users\Admin\AppData\Roaming\EditRestart.cab
2⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\01559710-951f-11ec-bb28-4ea9000dfafc.exe
01559710-951f-11ec-bb28-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\CURRENT"
2⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\012eae20-951f-11ec-ba63-4ea9000dfafc.exe
012eae20-951f-11ec-ba63-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab"
2⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\014a9a90-951f-11ec-baae-4ea9000dfafc.exe
014a9a90-951f-11ec-baae-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi"
2⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\0147db70-951f-11ec-ba90-4ea9000dfafc.exe
0147db70-951f-11ec-ba90-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi"
2⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\01646420-951f-11ec-bba8-4ea9000dfafc.exe
01646420-951f-11ec-bba8-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State"
2⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\014c6f50-951f-11ec-bacc-4ea9000dfafc.exe
014c6f50-951f-11ec-bacc-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.msi"
2⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\0158f270-951f-11ec-bb41-4ea9000dfafc.exe
0158f270-951f-11ec-bb41-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt"
2⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\01598eb0-951f-11ec-bb48-4ea9000dfafc.exe
01598eb0-951f-11ec-bb48-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\guest.bmp"
2⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\015b8a80-951f-11ec-bb5e-4ea9000dfafc.exe
015b8a80-951f-11ec-bb5e-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\AEA5CF7114714145CBD9DC7C6B20B4FAA948B08D
2⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\0160e1b0-951f-11ec-bb96-4ea9000dfafc.exe
0160e1b0-951f-11ec-bb96-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index"
2⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\014c9660-951f-11ec-bad4-4ea9000dfafc.exe
014c9660-951f-11ec-bad4-4ea9000dfafc.exe "C:\\Users\Default\Application Data"
2⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\015e97c0-951f-11ec-bb8d-4ea9000dfafc.exe
015e97c0-951f-11ec-bb8d-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0"
2⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\0148ece0-951f-11ec-ba9b-4ea9000dfafc.exe
0148ece0-951f-11ec-ba9b-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\MSN Websites\MSN.url"
2⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\01646420-951f-11ec-bba9-4ea9000dfafc.exe
01646420-951f-11ec-bba9-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT"
2⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\015d5f40-951f-11ec-bb64-4ea9000dfafc.exe
015d5f40-951f-11ec-bb64-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab"
2⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\015c4dd0-951f-11ec-bb5f-4ea9000dfafc.exe
015c4dd0-951f-11ec-bb5f-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
2⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\014f2e70-951f-11ec-baef-4ea9000dfafc.exe
014f2e70-951f-11ec-baef-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico"
2⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb88-4ea9000dfafc.exe
015e49a0-951f-11ec-bb88-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba82-4ea9000dfafc.exe
0142ab50-951f-11ec-ba82-4ea9000dfafc.exe C:\\Users\Admin\Documents\AddJoin.pub
2⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\01641600-951f-11ec-bba8-4ea9000dfafc.exe
01641600-951f-11ec-bba8-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History"
2⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\014ee050-951f-11ec-bae7-4ea9000dfafc.exe
014ee050-951f-11ec-bae7-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\fr-FR\resource.xml"
2⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\01508e00-951f-11ec-bb0a-4ea9000dfafc.exe
01508e00-951f-11ec-bb0a-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico"
2⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\015b6370-951f-11ec-bb5a-4ea9000dfafc.exe
015b6370-951f-11ec-bb5a-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab"
2⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\0155e530-951f-11ec-bb29-4ea9000dfafc.exe
0155e530-951f-11ec-bb29-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001"
2⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\01440ae0-951f-11ec-ba87-4ea9000dfafc.exe
01440ae0-951f-11ec-ba87-4ea9000dfafc.exe C:\\Users\Admin\Documents\ReadMeasure.doc
2⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\014877b0-951f-11ec-ba95-4ea9000dfafc.exe
014877b0-951f-11ec-ba95-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml"
2⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\01648b30-951f-11ec-bbaa-4ea9000dfafc.exe
01648b30-951f-11ec-bbaa-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG"
2⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\015b6370-951f-11ec-bb58-4ea9000dfafc.exe
015b6370-951f-11ec-bb58-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\8B9282465E6FDA0EED442D399E08CDC2B1ED5FF7
2⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\015aee40-951f-11ec-bb56-4ea9000dfafc.exe
015aee40-951f-11ec-bb56-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\4903E7ABE348ED39D98D1C844FB81A906D5ECA16
2⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\015ac730-951f-11ec-bb56-4ea9000dfafc.exe
015ac730-951f-11ec-bb56-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\4124EEF9521309B90976FD752D796AF305DA0840
2⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb89-4ea9000dfafc.exe
015e49a0-951f-11ec-bb89-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0018BB1B5834735BFA60CD063B31956
2⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\0148c5d0-951f-11ec-ba98-4ea9000dfafc.exe
0148c5d0-951f-11ec-ba98-4ea9000dfafc.exe "C:\\Users\Admin\Favorites\MSN Websites\MSN Entertainment.url"
2⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\0164d950-951f-11ec-bbad-4ea9000dfafc.exe
0164d950-951f-11ec-bbad-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences"
2⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\01598eb0-951f-11ec-bb47-4ea9000dfafc.exe
01598eb0-951f-11ec-bb47-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U0TQR0T7\fwlink[1]"
2⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb6f-4ea9000dfafc.exe
015e49a0-951f-11ec-bb6f-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1DE3.txt
2⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\014bfa20-951f-11ec-bac0-4ea9000dfafc.exe
014bfa20-951f-11ec-bac0-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\01541070-951f-11ec-bb1f-4ea9000dfafc.exe
01541070-951f-11ec-bb1f-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1"
2⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\01541070-951f-11ec-bb20-4ea9000dfafc.exe
01541070-951f-11ec-bb20-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_2"
2⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\01626850-951f-11ec-bba1-4ea9000dfafc.exe
01626850-951f-11ec-bba1-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1"
2⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\015c26c0-951f-11ec-bb5e-4ea9000dfafc.exe
015c26c0-951f-11ec-bb5e-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\B555235EB5230B93242A83F624CFE5AF42CB966B
2⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\01652770-951f-11ec-bbae-4ea9000dfafc.exe
01652770-951f-11ec-bbae-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG"
2⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\01362830-951f-11ec-ba64-4ea9000dfafc.exe
01362830-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64\ss170800.cab
2⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\015d5f40-951f-11ec-bb63-4ea9000dfafc.exe
015d5f40-951f-11ec-bb63-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
2⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\01440ae0-951f-11ec-ba88-4ea9000dfafc.exe
01440ae0-951f-11ec-ba88-4ea9000dfafc.exe C:\\Users\Admin\Documents\Recently.docx
2⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\0136eb80-951f-11ec-ba64-4ea9000dfafc.exe
0136eb80-951f-11ec-ba64-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab"
2⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\0150dc20-951f-11ec-bb0f-4ea9000dfafc.exe
0150dc20-951f-11ec-bb0f-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp"
2⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\015aa020-951f-11ec-bb54-4ea9000dfafc.exe
015aa020-951f-11ec-bb54-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\0FC25877B42B91EC00B7CCBA2ED45B52587179BC
2⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\01510330-951f-11ec-bb0f-4ea9000dfafc.exe
01510330-951f-11ec-bb0f-4ea9000dfafc.exe C:\\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll
2⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\01568170-951f-11ec-bb34-4ea9000dfafc.exe
01568170-951f-11ec-bb34-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity"
2⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\01568170-951f-11ec-bb32-4ea9000dfafc.exe
01568170-951f-11ec-bb32-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp"
2⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\015d3830-951f-11ec-bb61-4ea9000dfafc.exe
015d3830-951f-11ec-bb61-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab"
2⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\015cc300-951f-11ec-bb60-4ea9000dfafc.exe
015cc300-951f-11ec-bb60-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab"
2⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\01382400-951f-11ec-ba64-4ea9000dfafc.exe
01382400-951f-11ec-ba64-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml"
2⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\0160baa0-951f-11ec-bb94-4ea9000dfafc.exe
0160baa0-951f-11ec-bb94-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
2⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\01646420-951f-11ec-bbaa-4ea9000dfafc.exe
01646420-951f-11ec-bbaa-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOCK"
2⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\0154acb0-951f-11ec-bb22-4ea9000dfafc.exe
0154acb0-951f-11ec-bb22-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOCK"
2⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\015b6370-951f-11ec-bb59-4ea9000dfafc.exe
015b6370-951f-11ec-bb59-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
2⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\015a7910-951f-11ec-bb4e-4ea9000dfafc.exe
015a7910-951f-11ec-bb4e-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
2⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\01369d60-951f-11ec-ba64-4ea9000dfafc.exe
01369d60-951f-11ec-ba64-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64\st170800.cab
2⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\014c2130-951f-11ec-bac5-4ea9000dfafc.exe
014c2130-951f-11ec-bac5-4ea9000dfafc.exe C:\\Users\Admin\Pictures\SwitchDeny.jpg
2⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\0158a450-951f-11ec-bb3b-4ea9000dfafc.exe
0158a450-951f-11ec-bb3b-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1E44.txt
2⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\0159b5c0-951f-11ec-bb49-4ea9000dfafc.exe
0159b5c0-951f-11ec-bb49-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml"
2⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\0146ca00-951f-11ec-ba8d-4ea9000dfafc.exe
0146ca00-951f-11ec-ba8d-4ea9000dfafc.exe C:\\Users\Admin\Downloads\SkipConvertTo.dll
2⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\014877b0-951f-11ec-ba96-4ea9000dfafc.exe
014877b0-951f-11ec-ba96-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\Setup.xml"
2⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\015b3c60-951f-11ec-bb57-4ea9000dfafc.exe
015b3c60-951f-11ec-bb57-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\faxxuvis.default-release\cache2\entries\570D8585930881B4F2E8104754C43FB911F396CC
2⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\014b5de0-951f-11ec-bab8-4ea9000dfafc.exe
014b5de0-951f-11ec-bab8-4ea9000dfafc.exe C:\\Users\Admin\Pictures\ConnectConvertTo.ico
2⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\0150dc20-951f-11ec-bb0d-4ea9000dfafc.exe
0150dc20-951f-11ec-bb0d-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml"
2⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\01594090-951f-11ec-bb46-4ea9000dfafc.exe
01594090-951f-11ec-bb46-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp"
2⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\014bfa20-951f-11ec-bac2-4ea9000dfafc.exe
014bfa20-951f-11ec-bac2-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi"
2⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb73-4ea9000dfafc.exe
015e49a0-951f-11ec-bb73-4ea9000dfafc.exe C:\\Users\Admin\AppData\Local\Temp\jawshtml.html
2⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\0150b510-951f-11ec-bb0a-4ea9000dfafc.exe
0150b510-951f-11ec-bb0a-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico"
2⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\01591980-951f-11ec-bb46-4ea9000dfafc.exe
01591980-951f-11ec-bb46-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Microsoft\Feeds Cache\PAHLSM1Y\fwlink[1]"
2⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\01563350-951f-11ec-bb2f-4ea9000dfafc.exe
01563350-951f-11ec-bb2f-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal"
2⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\01560c40-951f-11ec-bb2b-4ea9000dfafc.exe
01560c40-951f-11ec-bb2b-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG"
2⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\0146a2f0-951f-11ec-ba8b-4ea9000dfafc.exe
0146a2f0-951f-11ec-ba8b-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml"
2⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb85-4ea9000dfafc.exe
015e49a0-951f-11ec-bb85-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
2⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\014bac00-951f-11ec-babb-4ea9000dfafc.exe
014bac00-951f-11ec-babb-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi"
2⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\01568170-951f-11ec-bb2f-4ea9000dfafc.exe
01568170-951f-11ec-bb2f-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp"
2⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\01560c40-951f-11ec-bb2e-4ea9000dfafc.exe
01560c40-951f-11ec-bb2e-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp"
2⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\015e49a0-951f-11ec-bb77-4ea9000dfafc.exe
015e49a0-951f-11ec-bb77-4ea9000dfafc.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE
2⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\015d5f40-951f-11ec-bb66-4ea9000dfafc.exe
015d5f40-951f-11ec-bb66-4ea9000dfafc.exe "C:\\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
2⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\01523bb0-951f-11ec-bb15-4ea9000dfafc.exe
01523bb0-951f-11ec-bb15-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG"
2⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\0155be20-951f-11ec-bb29-4ea9000dfafc.exe
0155be20-951f-11ec-bb29-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG"
2⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\0158f270-951f-11ec-bb3f-4ea9000dfafc.exe
0158f270-951f-11ec-bb3f-4ea9000dfafc.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3"
2⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\0153c250-951f-11ec-bb1a-4ea9000dfafc.exe
0153c250-951f-11ec-bb1a-4ea9000dfafc.exe "C:\\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp"
2⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\014ae8b0-951f-11ec-bab1-4ea9000dfafc.exe
014ae8b0-951f-11ec-bab1-4ea9000dfafc.exe "C:\\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwdcw20.dll"
2⤵
PID:2644

C:\Windows\system32\timeout.exe
timeout /t 30 && C:\Windows\system32\cmd.exe /C del C:\Users\Admin\AppData\Local\Temp\C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
2⤵
- Delays execution with timeout.exe
PID:2740

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012a6860-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012a6860-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012add90-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012add90-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0130f810-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0130f810-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\01314630-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\01314630-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\01371290-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\01371290-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013787c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013787c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013ba670-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013ba670-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0128e1c0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012a6860-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012a6860-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012add90-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012add90-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012d9cb0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba62-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\012e11e0-951f-11ec-ba63-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0130f810-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0130f810-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\01314630-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\01314630-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0132a5c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\01371290-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\01371290-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013787c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013787c0-951f-11ec-ba64-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013b5850-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013ba670-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013ba670-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\013eb3b0-951f-11ec-ba67-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba76-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
\Users\Admin\AppData\Local\Temp\0142ab50-951f-11ec-ba77-4ea9000dfafc.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads