4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

Resubmissions

24-02-2022 16:15

220224-tql4kadcf3 10

24-02-2022 03:08

220224-dmw7csbgg3 10

Analysis

max time kernel
125s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
24-02-2022 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43564aa0-94f8-11ec-9d1d-005056a01a83.exe
Size

3.1MB
MD5

d5d2c4ac6c724cd63b69ca054713e278
SHA1

f32d791ec9e6385a91b45942c230f52aff1626df
SHA256

4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
SHA512

9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\read_me.html

Ransom Note

<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> </head> <body> "The only thing that we learn from new elections is we learned nothing from the old!" <hr> <hr> Thank you for your vote! All your files, documents, photoes, videos, databases etc. have been successfully encrypted! Now your computer has a special ID: ffe5192d-951e-11ec-b788-d2b2bc1ba3a6 <hr> Do not try to decrypt then by yourself - it's impossible! It's just a business and we care only about getting benefits. The only way to get your files back is to contact us and get further instuctions. To prove that we have a decryptor send us any encrypted file (less than 650 kbytes) and we'll send you it back being decrypted. This is our guarantee. NOTE: Do not send file with sensitive content. In the email write us your computer's special ID (mentioned above). <hr> <hr> So if you want to get your files back contact us: 1) [email protected] 2) [email protected] - if we dont't answer you during 3 days <hr> Have a nice day! </body> </html>

Emails

[email protected]

Signatures

Executes dropped EXE 64 IoCs

Processes:

00068672-951f-11ec-b788-d2b2bc1ba3a6.exefff01502-951e-11ec-b788-d2b2bc1ba3a6.exeffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exefffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exefff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exefff57040-951e-11ec-b788-d2b2bc1ba3a6.exefff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.execmd.exe005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe00462471-951f-11ec-b847-d2b2bc1ba3a6.exefffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe00087f5a-951f-11ec-b788-d2b2bc1ba3a6.execmd.exe00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe002f4115-951f-11ec-b78e-d2b2bc1ba3a6.execmd.exefffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exefff917df-951e-11ec-b788-d2b2bc1ba3a6.exe001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exefff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe00462471-951f-11ec-b839-d2b2bc1ba3a6.exe00462471-951f-11ec-b862-d2b2bc1ba3a6.exe002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe00462471-951f-11ec-b851-d2b2bc1ba3a6.exe001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe000216df-951f-11ec-b788-d2b2bc1ba3a6.exe001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exefff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe00462471-951f-11ec-b837-d2b2bc1ba3a6.exefffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe

pid	process
7048	00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
7068	fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
7188	ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
7252	fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
7268	0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
7292	fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
7300	fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
7340	fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
8580	006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
8704	00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
8736	000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe
8756	0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
8772	cmd.exe
9096	005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
9152	005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
7056	00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe
7280	0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
7820	00462471-951f-11ec-b847-d2b2bc1ba3a6.exe
5692	fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
5852	001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
5844	00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe
5780	0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
5756	00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe
9240	cmd.exe
9296	00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
9768	001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
9976	002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
9992	cmd.exe
10000	fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
10100	0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
10112	00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
10124	001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
10136	fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
10172	001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe
6132	0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe
4952	fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe
4468	000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe
5988	001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe
1352	005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe
5856	00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe
3736	001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe
2524	003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe
2904	00462471-951f-11ec-b839-d2b2bc1ba3a6.exe
5900	00462471-951f-11ec-b862-d2b2bc1ba3a6.exe
5148	002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe
8740	001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe
4488	00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe
5680	00462471-951f-11ec-b851-d2b2bc1ba3a6.exe
1864	001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe
5156	003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe
5208	004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe
3864	00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe
5788	000216df-951f-11ec-b788-d2b2bc1ba3a6.exe
9788	001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe
9796	002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe
9636	fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe
7232	006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe
9860	0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe
7204	0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe
6972	00462471-951f-11ec-b837-d2b2bc1ba3a6.exe
6780	fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe
9696	00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe
6212	00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe
5484	0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

7908 timeout.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe

pid process

6232 000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe

pid	process
7908	timeout.exe

pid	process
6232	000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

43564aa0-94f8-11ec-9d1d-005056a01a83.exe

description	pid	process	target process
PID 4332 wrote to memory of 3060	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3060	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1836	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1836	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4688	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4688	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4176	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4176	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4640	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4640	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4192	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4192	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4704	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4704	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3860	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3860	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1696	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1696	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2024	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2024	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3724	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3724	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4236	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4236	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1220	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1220	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2876	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2876	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3500	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3500	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2764	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2764	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3400	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3400	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 256	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 256	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2172	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2172	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1324	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1324	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4280	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4280	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3600	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3600	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4372	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4372	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2736	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2736	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4128	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4128	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4468	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4468	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4488	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4488	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4452	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4452	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1788	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1788	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2540	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2540	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
"C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Windows\system32\cmd.exe
  cmd /C copy C:\Users\Admin\AppData\Local\Temp\read_me.html C:\Users\Admin\Desktop\read_me.html
  2⤵
  PID:3060
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:4688
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:1836
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:4176
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:1480
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:4640
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:4192
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:4704
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:3860
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:2024
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:1696
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe ffff092a-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:4236
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:3724
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:1220
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:2876
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:3500
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00180fb6-951f-11ec-b78b-d2b2bc1ba3a6.exe
  2⤵
  PID:3400
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:256
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:2172
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:4280
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:3600
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:4372
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:2736
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:4128
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:4468
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:4452
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:1788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:3452
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00215e6c-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:4716
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:2540
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
  2⤵
  PID:5068
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:5084
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:4952
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe
  2⤵
  PID:4488
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:4480
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00230bca-951f-11ec-b78d-d2b2bc1ba3a6.exe
  2⤵
  PID:4216
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:640
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:636
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:2604
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:2596
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:1888
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:1864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:1080
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:1028
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00347197-951f-11ec-b791-d2b2bc1ba3a6.exe
  2⤵
  PID:1372
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:1732
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003a166a-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:412
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:1788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c7-d2b2bc1ba3a6.exe
  2⤵
  PID:4644
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b836-d2b2bc1ba3a6.exe
  2⤵
  PID:4252
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b839-d2b2bc1ba3a6.exe
  2⤵
  PID:4044
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003b0128-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:3136
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003b9cdc-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:3244
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:3572
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b862-d2b2bc1ba3a6.exe
  2⤵
  PID:2624
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:3560
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe
  2⤵
  PID:2604
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00419180-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:3864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00422d43-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:3336
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:1852
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffac43d-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004512e6-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:1776
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe
  2⤵
  PID:1088
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe
  2⤵
  PID:1028
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004560fc-951f-11ec-b794-d2b2bc1ba3a6.exe
  2⤵
  PID:1096
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045af0b-951f-11ec-b794-d2b2bc1ba3a6.exe
  2⤵
  PID:4716
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffaea62-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5128
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0046731d-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  2⤵
  PID:5136
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00469aa5-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  2⤵
  PID:5144
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0003286f-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5152
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000216df-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5164
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00475cef-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  2⤵
  PID:5176
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00478429-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  2⤵
  PID:5184
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0006d1c6-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5456
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00034fb9-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5464
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0047f969-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  2⤵
  PID:5472
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0047f969-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5480
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5488
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004895bd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5496
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00102079-951f-11ec-b789-d2b2bc1ba3a6.exe
  2⤵
  PID:5524
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0006f85d-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5536
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000796e4-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5544
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004a1cec-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5552
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000ac99d-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5560
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000c29fd-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5568
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5584
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004adf51-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5664
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004bf148-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5680
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004c8ca5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5688
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00102079-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:5696
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004dc580-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5704
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00135447-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:5712
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004e88fd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5720
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004ed718-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5728
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004f7c78-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5736
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00500f4a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5744
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005085b0-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5752
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0012429b-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:5760
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000e7201-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:5768
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00141a81-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:5776
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0056c5f5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5792
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0015c4cd-951f-11ec-b78b-d2b2bc1ba3a6.exe
  2⤵
  PID:5856
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0057fe79-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5888
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00584cff-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5900
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001aa7da-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:5912
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00587502-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5920
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0058c249-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5936
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0058e873-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:5944
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0058e873-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  2⤵
  PID:5952
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001af5f4-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:5960
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059367b-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  2⤵
  PID:5968
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00595de8-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  2⤵
  PID:5976
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00598596-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  2⤵
  PID:5984
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059ab95-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  2⤵
  PID:5992
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059d366-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  2⤵
  PID:6000
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059d366-951f-11ec-b8d0-d2b2bc1ba3a6.exe
  2⤵
  PID:6008
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059fa3e-951f-11ec-b8d0-d2b2bc1ba3a6.exe
  2⤵
  PID:6020
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005a2169-951f-11ec-b8d0-d2b2bc1ba3a6.exe
  2⤵
  PID:6032
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005a2169-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  2⤵
  PID:6040
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001e5137-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:6056
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005a4909-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  2⤵
  PID:6084
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001cf2ae-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:6096
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005abdb7-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  2⤵
  PID:6104
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b0b0d-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  2⤵
  PID:6120
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0024e101-951f-11ec-b78d-d2b2bc1ba3a6.exe
  2⤵
  PID:4216
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b3229-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  2⤵
  PID:4488
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b3229-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  2⤵
  PID:3672
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b58f7-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  2⤵
  PID:1900
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  2⤵
  PID:824
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001a3278-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:2520
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005ba779-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  2⤵
  PID:652
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005bce5b-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  2⤵
  PID:948
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005bce5b-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  2⤵
  PID:2880
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005bf885-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  2⤵
  PID:2624
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0023cf6c-951f-11ec-b78d-d2b2bc1ba3a6.exe
  2⤵
  PID:3864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c1ca4-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  2⤵
  PID:1036
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c6afc-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  2⤵
  PID:1372
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00734f06-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:1852
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:4528
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00739ce3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:1088
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0073c3f8-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:1776
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0073eb44-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:3504
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff45c43-951e-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:1528
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002ad475-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:1196
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0021ac7e-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:5172
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:5160
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00361e85-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:5208
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003670eb-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:5196
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00381af8-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:5212
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0037f319-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:5204
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003c38f8-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:5236
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00395564-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:5228
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002a3839-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:5224
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003115c5-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:5248
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:5268
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00436559-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:5276
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0079427c-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:5288
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007c770f-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:1028
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007e24e7-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:5164
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007daffc-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:5512
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007e7267-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:5504
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e1-d2b2bc1ba3a6.exe
  2⤵
  PID:5532
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e0-d2b2bc1ba3a6.exe
  2⤵
  PID:5520
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e4-d2b2bc1ba3a6.exe
  2⤵
  PID:5580
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007ec169-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:5480
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e3-d2b2bc1ba3a6.exe
  2⤵
  PID:5600
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e5-d2b2bc1ba3a6.exe
  2⤵
  PID:5616
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f5-d2b2bc1ba3a6.exe
  2⤵
  PID:5608
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f6-d2b2bc1ba3a6.exe
  2⤵
  PID:5488
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0042f069-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:5636
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fd-d2b2bc1ba3a6.exe
  2⤵
  PID:5632
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ff-d2b2bc1ba3a6.exe
  2⤵
  PID:5628
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b802-d2b2bc1ba3a6.exe
  2⤵
  PID:5552
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80a-d2b2bc1ba3a6.exe
  2⤵
  PID:5564
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b799-d2b2bc1ba3a6.exe
  2⤵
  PID:5652
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80c-d2b2bc1ba3a6.exe
  2⤵
  PID:5656
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80d-d2b2bc1ba3a6.exe
  2⤵
  PID:3484
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79b-d2b2bc1ba3a6.exe
  2⤵
  PID:6160
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80e-d2b2bc1ba3a6.exe
  2⤵
  PID:6168
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80f-d2b2bc1ba3a6.exe
  2⤵
  PID:6176
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b814-d2b2bc1ba3a6.exe
  2⤵
  PID:6184
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b815-d2b2bc1ba3a6.exe
  2⤵
  PID:6208
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b817-d2b2bc1ba3a6.exe
  2⤵
  PID:6200
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b816-d2b2bc1ba3a6.exe
  2⤵
  PID:6232
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b818-d2b2bc1ba3a6.exe
  2⤵
  PID:6240
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a7-d2b2bc1ba3a6.exe
  2⤵
  PID:6264
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a8-d2b2bc1ba3a6.exe
  2⤵
  PID:6272
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81a-d2b2bc1ba3a6.exe
  2⤵
  PID:6280
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81c-d2b2bc1ba3a6.exe
  2⤵
  PID:6288
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a9-d2b2bc1ba3a6.exe
  2⤵
  PID:6296
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81e-d2b2bc1ba3a6.exe
  2⤵
  PID:6304
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b821-d2b2bc1ba3a6.exe
  2⤵
  PID:6312
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b0-d2b2bc1ba3a6.exe
  2⤵
  PID:6320
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b822-d2b2bc1ba3a6.exe
  2⤵
  PID:6328
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b1-d2b2bc1ba3a6.exe
  2⤵
  PID:6336
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b2-d2b2bc1ba3a6.exe
  2⤵
  PID:6344
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b3-d2b2bc1ba3a6.exe
  2⤵
  PID:6356
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b826-d2b2bc1ba3a6.exe
  2⤵
  PID:6376
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b827-d2b2bc1ba3a6.exe
  2⤵
  PID:6384
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82a-d2b2bc1ba3a6.exe
  2⤵
  PID:6392
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ba-d2b2bc1ba3a6.exe
  2⤵
  PID:6400
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b9-d2b2bc1ba3a6.exe
  2⤵
  PID:6408
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bb-d2b2bc1ba3a6.exe
  2⤵
  PID:6416
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82c-d2b2bc1ba3a6.exe
  2⤵
  PID:6424
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82d-d2b2bc1ba3a6.exe
  2⤵
  PID:6436
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000e7201-951f-11ec-b789-d2b2bc1ba3a6.exe
  2⤵
  PID:6448
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00172541-951f-11ec-b78b-d2b2bc1ba3a6.exe
  2⤵
  PID:6464
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82e-d2b2bc1ba3a6.exe
  2⤵
  PID:6480
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7be-d2b2bc1ba3a6.exe
  2⤵
  PID:6504
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b830-d2b2bc1ba3a6.exe
  2⤵
  PID:6512
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c0-d2b2bc1ba3a6.exe
  2⤵
  PID:6532
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b833-d2b2bc1ba3a6.exe
  2⤵
  PID:6552
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b834-d2b2bc1ba3a6.exe
  2⤵
  PID:6560
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0014b442-951f-11ec-b78b-d2b2bc1ba3a6.exe
  2⤵
  PID:6568
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:6576
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ce-d2b2bc1ba3a6.exe
  2⤵
  PID:6584
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d1-d2b2bc1ba3a6.exe
  2⤵
  PID:6592
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83c-d2b2bc1ba3a6.exe
  2⤵
  PID:6600
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d5-d2b2bc1ba3a6.exe
  2⤵
  PID:6608
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe
  2⤵
  PID:6620
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d6-d2b2bc1ba3a6.exe
  2⤵
  PID:6632
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d8-d2b2bc1ba3a6.exe
  2⤵
  PID:6640
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d9-d2b2bc1ba3a6.exe
  2⤵
  PID:6648
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7da-d2b2bc1ba3a6.exe
  2⤵
  PID:6656
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7db-d2b2bc1ba3a6.exe
  2⤵
  PID:6664
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7de-d2b2bc1ba3a6.exe
  2⤵
  PID:6672
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7dd-d2b2bc1ba3a6.exe
  2⤵
  PID:6680
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00233371-951f-11ec-b78d-d2b2bc1ba3a6.exe
  2⤵
  PID:6688
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b865-d2b2bc1ba3a6.exe
  2⤵
  PID:6696
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0025cb18-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:6712
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:6732
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00536b8a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:6752
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033d542-951f-11ec-b790-d2b2bc1ba3a6.exe
  2⤵
  PID:6788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0053e137-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:6816
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00350e2f-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:6832
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b805-d2b2bc1ba3a6.exe
  2⤵
  PID:6848
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b842-d2b2bc1ba3a6.exe
  2⤵
  PID:6868
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0030efb2-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:6880
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86a-d2b2bc1ba3a6.exe
  2⤵
  PID:6896
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b843-d2b2bc1ba3a6.exe
  2⤵
  PID:6912
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86b-d2b2bc1ba3a6.exe
  2⤵
  PID:6932
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000dd73b-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:6944
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0008f581-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:6952
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00347197-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:6992
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86c-d2b2bc1ba3a6.exe
  2⤵
  PID:6968
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004b0688-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:7016
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004c17b3-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:7040
- C:\Users\Admin\AppData\Local\Temp\00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
  00068672-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat
  2⤵
  - Executes dropped EXE
  PID:7048
- C:\Users\Admin\AppData\Local\Temp\fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi
  2⤵
  - Executes dropped EXE
  PID:7068
- C:\Users\Admin\AppData\Local\Temp\ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
  ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\vcredist2010_x86.log.html
  2⤵
  - Executes dropped EXE
  PID:7188
- C:\Users\Admin\AppData\Local\Temp\fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
  fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml
  2⤵
  - Executes dropped EXE
  PID:7252
- C:\Users\Admin\AppData\Local\Temp\0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
  0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml
  2⤵
  - Executes dropped EXE
  PID:7268
- C:\Users\Admin\AppData\Local\Temp\fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab
  2⤵
  - Executes dropped EXE
  PID:7292
- C:\Users\Admin\AppData\Local\Temp\fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
  2⤵
  - Executes dropped EXE
  PID:7300
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0054f233-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:7316
- C:\Users\Admin\AppData\Local\Temp\fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png
  2⤵
  - Executes dropped EXE
  PID:7340
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b797-d2b2bc1ba3a6.exe
  2⤵
  PID:7384
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b798-d2b2bc1ba3a6.exe
  2⤵
  PID:7424
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82b-d2b2bc1ba3a6.exe
  2⤵
  PID:7504
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002d1e4a-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:7552
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b831-d2b2bc1ba3a6.exe
  2⤵
  PID:7540
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00397b3b-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:7532
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0014b442-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:7524
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b828-d2b2bc1ba3a6.exe
  2⤵
  PID:7488
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:7476
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b810-d2b2bc1ba3a6.exe
  2⤵
  PID:7444
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003d7205-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:7756
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003beb41-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:7780
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002c0ce5-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:7804
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b846-d2b2bc1ba3a6.exe
  2⤵
  PID:7812
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b849-d2b2bc1ba3a6.exe
  2⤵
  PID:7844
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84a-d2b2bc1ba3a6.exe
  2⤵
  PID:7856
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84c-d2b2bc1ba3a6.exe
  2⤵
  PID:7864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b848-d2b2bc1ba3a6.exe
  2⤵
  PID:7836
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d4-d2b2bc1ba3a6.exe
  2⤵
  PID:7872
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b847-d2b2bc1ba3a6.exe
  2⤵
  PID:7824
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b852-d2b2bc1ba3a6.exe
  2⤵
  PID:7892
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b850-d2b2bc1ba3a6.exe
  2⤵
  PID:7924
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b837-d2b2bc1ba3a6.exe
  2⤵
  PID:7964
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83e-d2b2bc1ba3a6.exe
  2⤵
  PID:8016
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d7-d2b2bc1ba3a6.exe
  2⤵
  PID:7988
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00054ab0-951f-11ec-b788-d2b2bc1ba3a6.exe
  2⤵
  PID:8092
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000f5e30-951f-11ec-b789-d2b2bc1ba3a6.exe
  2⤵
  PID:8100
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b875-d2b2bc1ba3a6.exe
  2⤵
  PID:7980
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002ea4fc-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:8160
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83f-d2b2bc1ba3a6.exe
  2⤵
  PID:7940
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b851-d2b2bc1ba3a6.exe
  2⤵
  PID:7944
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b855-d2b2bc1ba3a6.exe
  2⤵
  PID:8200
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b856-d2b2bc1ba3a6.exe
  2⤵
  PID:8280
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b858-d2b2bc1ba3a6.exe
  2⤵
  PID:8300
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b859-d2b2bc1ba3a6.exe
  2⤵
  PID:8316
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007cec2e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8340
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007d6165-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8356
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c43ea-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  2⤵
  PID:8404
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83a-d2b2bc1ba3a6.exe
  2⤵
  PID:8392
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007d129e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8380
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00743944-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8428
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85d-d2b2bc1ba3a6.exe
  2⤵
  PID:8444
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e9-d2b2bc1ba3a6.exe
  2⤵
  PID:8420
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85e-d2b2bc1ba3a6.exe
  2⤵
  PID:8460
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87b-d2b2bc1ba3a6.exe
  2⤵
  PID:8468
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87e-d2b2bc1ba3a6.exe
  2⤵
  PID:8476
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cc-d2b2bc1ba3a6.exe
  2⤵
  PID:8492
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b881-d2b2bc1ba3a6.exe
  2⤵
  PID:8500
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00342331-951f-11ec-b790-d2b2bc1ba3a6.exe
  2⤵
  PID:8508
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0051e5e9-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:8516
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b882-d2b2bc1ba3a6.exe
  2⤵
  PID:8572
- C:\Users\Admin\AppData\Local\Temp\006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Default\AppData\Local\Application Data"
  2⤵
  - Executes dropped EXE
  PID:8580
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00420529-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:8560
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b860-d2b2bc1ba3a6.exe
  2⤵
  PID:8620
- C:\Users\Admin\AppData\Local\Temp\00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Admin\Start Menu"
  2⤵
  - Executes dropped EXE
  PID:8704
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7dc-d2b2bc1ba3a6.exe
  2⤵
  PID:8728
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab"
  2⤵
  PID:8736
- C:\Users\Admin\AppData\Local\Temp\0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Admin\SendTo
  2⤵
  - Executes dropped EXE
  PID:8756
- C:\Users\Admin\AppData\Local\Temp\006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\All Users"
  2⤵
  PID:8772
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b794-d2b2bc1ba3a6.exe
  2⤵
  PID:8784
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f1-d2b2bc1ba3a6.exe
  2⤵
  PID:8792
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f2-d2b2bc1ba3a6.exe
  2⤵
  PID:8800
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b800-d2b2bc1ba3a6.exe
  2⤵
  PID:8808
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ea-d2b2bc1ba3a6.exe
  2⤵
  PID:8816
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002d45f9-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:8824
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0076ab68-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8832
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001ccaff-951f-11ec-b78c-d2b2bc1ba3a6.exe
  2⤵
  PID:8840
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b866-d2b2bc1ba3a6.exe
  2⤵
  PID:8848
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b803-d2b2bc1ba3a6.exe
  2⤵
  PID:8856
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b809-d2b2bc1ba3a6.exe
  2⤵
  PID:8864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0035d0ce-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:8872
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b824-d2b2bc1ba3a6.exe
  2⤵
  PID:8880
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007c2a16-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8888
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00342331-951f-11ec-b791-d2b2bc1ba3a6.exe
  2⤵
  PID:8896
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b854-d2b2bc1ba3a6.exe
  2⤵
  PID:8904
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b857-d2b2bc1ba3a6.exe
  2⤵
  PID:8912
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88b-d2b2bc1ba3a6.exe
  2⤵
  PID:8920
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88c-d2b2bc1ba3a6.exe
  2⤵
  PID:8928
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00433e68-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:8936
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ee-d2b2bc1ba3a6.exe
  2⤵
  PID:8944
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80b-d2b2bc1ba3a6.exe
  2⤵
  PID:8952
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f8-d2b2bc1ba3a6.exe
  2⤵
  PID:8960
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00752df3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8968
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007aa2f9-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8976
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00132dae-951f-11ec-b78a-d2b2bc1ba3a6.exe
  2⤵
  PID:8984
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b868-d2b2bc1ba3a6.exe
  2⤵
  PID:8992
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e6-d2b2bc1ba3a6.exe
  2⤵
  PID:9000
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003c62d5-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:9008
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b864-d2b2bc1ba3a6.exe
  2⤵
  PID:9016
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ad-d2b2bc1ba3a6.exe
  2⤵
  PID:9024
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fc-d2b2bc1ba3a6.exe
  2⤵
  PID:9032
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007a05a5-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:9040
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007b6552-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:9048
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f3-d2b2bc1ba3a6.exe
  2⤵
  PID:9056
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b804-d2b2bc1ba3a6.exe
  2⤵
  PID:9064
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b7-d2b2bc1ba3a6.exe
  2⤵
  PID:9072
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b885-d2b2bc1ba3a6.exe
  2⤵
  PID:9080
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83b-d2b2bc1ba3a6.exe
  2⤵
  PID:9088
- C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Admin\PrintHood
  2⤵
  - Executes dropped EXE
  PID:9096
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c5-d2b2bc1ba3a6.exe
  2⤵
  PID:9116
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b795-d2b2bc1ba3a6.exe
  2⤵
  PID:9128
- C:\Users\Admin\AppData\Local\Temp\005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Admin\Recent
  2⤵
  - Executes dropped EXE
  PID:9152
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b886-d2b2bc1ba3a6.exe
  2⤵
  PID:9144
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b806-d2b2bc1ba3a6.exe
  2⤵
  PID:9184
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b807-d2b2bc1ba3a6.exe
  2⤵
  PID:9192
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c2-d2b2bc1ba3a6.exe
  2⤵
  PID:9212
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0015edcd-951f-11ec-b78b-d2b2bc1ba3a6.exe
  2⤵
  PID:9204
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86e-d2b2bc1ba3a6.exe
  2⤵
  PID:1844
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0054a49b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:8324
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00355d76-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:7788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0030794d-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:2632
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b870-d2b2bc1ba3a6.exe
  2⤵
  PID:7796
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004cb3cf-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:1220
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86f-d2b2bc1ba3a6.exe
  2⤵
  PID:7800
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0036bc5c-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:7920
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b893-d2b2bc1ba3a6.exe
  2⤵
  PID:4060
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b891-d2b2bc1ba3a6.exe
  2⤵
  PID:2920
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fe-d2b2bc1ba3a6.exe
  2⤵
  PID:7652
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fa-d2b2bc1ba3a6.exe
  2⤵
  PID:7648
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fb-d2b2bc1ba3a6.exe
  2⤵
  PID:7688
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00553fc7-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:7936
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000f3661-951f-11ec-b789-d2b2bc1ba3a6.exe
  2⤵
  PID:7908
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79c-d2b2bc1ba3a6.exe
  2⤵
  PID:7880
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b897-d2b2bc1ba3a6.exe
  2⤵
  PID:7192
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00760ed2-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:7952
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ab-d2b2bc1ba3a6.exe
  2⤵
  PID:8028
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00558d9b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:8076
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89c-d2b2bc1ba3a6.exe
  2⤵
  PID:7340
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89a-d2b2bc1ba3a6.exe
  2⤵
  PID:7912
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b899-d2b2bc1ba3a6.exe
  2⤵
  PID:7852
- C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b791-d2b2bc1ba3a6.exe
  00347197-951f-11ec-b791-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png"
  2⤵
  PID:7056
- C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
  0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal
  2⤵
  - Executes dropped EXE
  PID:7280
- C:\Users\Admin\AppData\Local\Temp\00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe
  00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml"
  2⤵
  PID:7820
- C:\Users\Admin\AppData\Local\Temp\fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
  fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\tinytile.png
  2⤵
  - Executes dropped EXE
  PID:5692
- C:\Users\Admin\AppData\Local\Temp\0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe
  0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\CURRENT"
  2⤵
  PID:5844
- C:\Users\Admin\AppData\Local\Temp\001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
  2⤵
  - Executes dropped EXE
  PID:5852
- C:\Users\Admin\AppData\Local\Temp\00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
  00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  2⤵
  - Executes dropped EXE
  PID:9296
- C:\Users\Admin\AppData\Local\Temp\002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749
  2⤵
  PID:9240
- C:\Users\Admin\AppData\Local\Temp\0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe
  0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png"
  2⤵
  PID:5756
- C:\Users\Admin\AppData\Local\Temp\001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml
  2⤵
  - Executes dropped EXE
  PID:9768
- C:\Users\Admin\AppData\Local\Temp\0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
  0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
  2⤵
  - Executes dropped EXE
  PID:5780
- C:\Users\Admin\AppData\Local\Temp\002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
  2⤵
  - Executes dropped EXE
  PID:9976
- C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe
  0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  2⤵
  PID:9992
- C:\Users\Admin\AppData\Local\Temp\fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
  fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml
  2⤵
  - Executes dropped EXE
  PID:10000
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00344b64-951f-11ec-b791-d2b2bc1ba3a6.exe
  2⤵
  PID:10020
- C:\Users\Admin\AppData\Local\Temp\0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
  0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml
  2⤵
  - Executes dropped EXE
  PID:10100
- C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
  00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml
  2⤵
  - Executes dropped EXE
  PID:10112
- C:\Users\Admin\AppData\Local\Temp\001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml
  2⤵
  - Executes dropped EXE
  PID:10124
- C:\Users\Admin\AppData\Local\Temp\fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe "C:\\ProgramData\Application Data"
  2⤵
  - Executes dropped EXE
  PID:10136
- C:\Users\Admin\AppData\Local\Temp\001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3
  2⤵
  - Executes dropped EXE
  PID:10172
- C:\Users\Admin\AppData\Local\Temp\0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe
  0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\DebugConvertTo.pub
  2⤵
  - Executes dropped EXE
  PID:6132
- C:\Users\Admin\AppData\Local\Temp\fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Users\Admin\AppData\Local\Temp\000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe
  000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79e-d2b2bc1ba3a6.exe
  2⤵
  PID:1788
- C:\Users\Admin\AppData\Local\Temp\001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOCK
  2⤵
  - Executes dropped EXE
  PID:5988
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89f-d2b2bc1ba3a6.exe
  2⤵
  PID:5892
- C:\Users\Admin\AppData\Local\Temp\00215e6c-951f-11ec-b78c-d2b2bc1ba3a6.exe
  00215e6c-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies
  2⤵
  PID:1352
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a0-d2b2bc1ba3a6.exe
  2⤵
  PID:5860
- C:\Users\Admin\AppData\Local\Temp\00230bca-951f-11ec-b78d-d2b2bc1ba3a6.exe
  00230bca-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml
  2⤵
  PID:5856
- C:\Users\Admin\AppData\Local\Temp\001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links"
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Users\Admin\AppData\Local\Temp\003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe
  003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d2-d2b2bc1ba3a6.exe
  2⤵
  PID:7960
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b862-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b862-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT"
  2⤵
  - Executes dropped EXE
  PID:5900
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b839-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b839-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK"
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bd-d2b2bc1ba3a6.exe
  2⤵
  PID:5888
- C:\Users\Admin\AppData\Local\Temp\002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml
  2⤵
  - Executes dropped EXE
  PID:5148
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ac-d2b2bc1ba3a6.exe
  2⤵
  PID:5216
- C:\Users\Admin\AppData\Local\Temp\001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml
  2⤵
  - Executes dropped EXE
  PID:8740
- C:\Users\Admin\AppData\Local\Temp\003a166a-951f-11ec-b792-d2b2bc1ba3a6.exe
  003a166a-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ja-JP\resource.xml"
  2⤵
  PID:4488
- C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78b-d2b2bc1ba3a6.exe
  00180fb6-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0
  2⤵
  PID:5680
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a5-d2b2bc1ba3a6.exe
  2⤵
  PID:5516
- C:\Users\Admin\AppData\Local\Temp\001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a9-d2b2bc1ba3a6.exe
  2⤵
  PID:6256
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a8-d2b2bc1ba3a6.exe
  2⤵
  PID:1096
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8aa-d2b2bc1ba3a6.exe
  2⤵
  PID:1732
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88f-d2b2bc1ba3a6.exe
  2⤵
  PID:3336
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ac-d2b2bc1ba3a6.exe
  2⤵
  PID:6432
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b844-d2b2bc1ba3a6.exe
  2⤵
  PID:1716
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ae-d2b2bc1ba3a6.exe
  2⤵
  PID:6216
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b0-d2b2bc1ba3a6.exe
  2⤵
  PID:6192
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a5-d2b2bc1ba3a6.exe
  2⤵
  PID:5500
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b819-d2b2bc1ba3a6.exe
  2⤵
  PID:640
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a1-d2b2bc1ba3a6.exe
  2⤵
  PID:5284
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a6-d2b2bc1ba3a6.exe
  2⤵
  PID:6352
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0038b6cc-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:2064
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0039efb6-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:6456
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b3-d2b2bc1ba3a6.exe
  2⤵
  PID:1088
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bf-d2b2bc1ba3a6.exe
  2⤵
  PID:3136
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b869-d2b2bc1ba3a6.exe
  2⤵
  PID:6120
- C:\Users\Admin\AppData\Local\Temp\003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe
  003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1346565761-3498240568-4147300184-1000\Preferred
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Users\Admin\AppData\Local\Temp\004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe
  004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\AlternateServices.txt
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Users\Admin\AppData\Local\Temp\003b9cdc-951f-11ec-b792-d2b2bc1ba3a6.exe
  003b9cdc-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico"
  2⤵
  PID:3864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b812-d2b2bc1ba3a6.exe
  2⤵
  PID:5212
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81f-d2b2bc1ba3a6.exe
  2⤵
  PID:5168
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b814-d2b2bc1ba3a6.exe
  2⤵
  PID:9500
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a6-d2b2bc1ba3a6.exe
  2⤵
  - Executes dropped EXE
  PID:8772
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a0-d2b2bc1ba3a6.exe
  2⤵
  PID:9292
- C:\Users\Admin\AppData\Local\Temp\000216df-951f-11ec-b788-d2b2bc1ba3a6.exe
  000216df-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
  2⤵
  - Executes dropped EXE
  PID:5788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c1-d2b2bc1ba3a6.exe
  2⤵
  PID:9820
- C:\Users\Admin\AppData\Local\Temp\002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  2⤵
  - Executes dropped EXE
  PID:9796
- C:\Users\Admin\AppData\Local\Temp\ffff092a-951e-11ec-b788-d2b2bc1ba3a6.exe
  ffff092a-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml
  2⤵
  PID:9788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ab-d2b2bc1ba3a6.exe
  2⤵
  PID:5696
- C:\Users\Admin\AppData\Local\Temp\fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\tinytile.png
  2⤵
  - Executes dropped EXE
  PID:9636
- C:\Users\Admin\AppData\Local\Temp\006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Default\AppData\Local\History
  2⤵
  - Executes dropped EXE
  PID:7232
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b5-d2b2bc1ba3a6.exe
  2⤵
  PID:7392
- C:\Users\Admin\AppData\Local\Temp\0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe
  0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user.png"
  2⤵
  - Executes dropped EXE
  PID:9860
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d3-d2b2bc1ba3a6.exe
  2⤵
  PID:7240
- C:\Users\Admin\AppData\Local\Temp\0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe
  0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml
  2⤵
  - Executes dropped EXE
  PID:7204
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b845-d2b2bc1ba3a6.exe
  2⤵
  PID:7624
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b7-d2b2bc1ba3a6.exe
  2⤵
  PID:7584
- C:\Users\Admin\AppData\Local\Temp\004560fc-951f-11ec-b794-d2b2bc1ba3a6.exe
  004560fc-951f-11ec-b794-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\de-DE\resource.xml"
  2⤵
  PID:6972
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b8-d2b2bc1ba3a6.exe
  2⤵
  PID:6684
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b4-d2b2bc1ba3a6.exe
  2⤵
  PID:6860
- C:\Users\Admin\AppData\Local\Temp\fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe
  fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Desktop
  2⤵
  - Executes dropped EXE
  PID:6780
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7af-d2b2bc1ba3a6.exe
  2⤵
  PID:5800
- C:\Users\Admin\AppData\Local\Temp\00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe
  00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\SecurityPreloadState.txt
  2⤵
  - Executes dropped EXE
  PID:9696
- C:\Users\Admin\AppData\Local\Temp\00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe
  00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20200403170909"
  2⤵
  - Executes dropped EXE
  PID:6212
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7eb-d2b2bc1ba3a6.exe
  2⤵
  PID:6748
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user-32.png"
  2⤵
  - Executes dropped EXE
  PID:5484
- C:\Users\Admin\AppData\Local\Temp\003b0128-951f-11ec-b792-d2b2bc1ba3a6.exe
  003b0128-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
  2⤵
  PID:7036
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b5-d2b2bc1ba3a6.exe
  2⤵
  PID:5544
- C:\Users\Admin\AppData\Local\Temp\0046731d-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  0046731d-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\pkcs11.txt
  2⤵
  PID:9808
- C:\Users\Admin\AppData\Local\Temp\0045af0b-951f-11ec-b794-d2b2bc1ba3a6.exe
  0045af0b-951f-11ec-b794-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\SiteSecurityServiceState.txt
  2⤵
  PID:6388
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b836-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b836-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal"
  2⤵
  PID:6340
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b829-d2b2bc1ba3a6.exe
  2⤵
  PID:7024
- C:\Users\Admin\AppData\Local\Temp\fffaea62-951e-11ec-b788-d2b2bc1ba3a6.exe
  fffaea62-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Documents
  2⤵
  PID:7400
- C:\Users\Admin\AppData\Local\Temp\00469aa5-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  00469aa5-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\pluginreg.dat
  2⤵
  PID:7332
- C:\Users\Admin\AppData\Local\Temp\00478429-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  00478429-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\ReadInitialize.css
  2⤵
  PID:6292
- C:\Users\Admin\AppData\Local\Temp\0003286f-951f-11ec-b788-d2b2bc1ba3a6.exe
  0003286f-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat
  2⤵
  PID:7028
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c7-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c7-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\Admin.dat"
  2⤵
  PID:7064
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b872-d2b2bc1ba3a6.exe
  2⤵
  PID:7748
- C:\Users\Admin\AppData\Local\Temp\fffac43d-951e-11ec-b788-d2b2bc1ba3a6.exe
  fffac43d-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png
  2⤵
  PID:7436
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bc-d2b2bc1ba3a6.exe
  2⤵
  PID:5152
- C:\Users\Admin\AppData\Local\Temp\00475cef-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  00475cef-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\PopAssert.ico
  2⤵
  PID:6540
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bd-d2b2bc1ba3a6.exe
  2⤵
  PID:9656
- C:\Users\Admin\AppData\Local\Temp\00422d43-951f-11ec-b793-d2b2bc1ba3a6.exe
  00422d43-951f-11ec-b793-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl
  2⤵
  PID:5740
- C:\Users\Admin\AppData\Local\Temp\004512e6-951f-11ec-b793-d2b2bc1ba3a6.exe
  004512e6-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico"
  2⤵
  PID:9664
- C:\Users\Admin\AppData\Local\Temp\0006d1c6-951f-11ec-b788-d2b2bc1ba3a6.exe
  0006d1c6-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\en-us.16\MasterDescriptor.en-us.xml
  2⤵
  PID:6980
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ed-d2b2bc1ba3a6.exe
  2⤵
  PID:9920
- C:\Users\Admin\AppData\Local\Temp\00419180-951f-11ec-b793-d2b2bc1ba3a6.exe
  00419180-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico"
  2⤵
  PID:5884
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87a-d2b2bc1ba3a6.exe
  2⤵
  PID:7604
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82f-d2b2bc1ba3a6.exe
  2⤵
  PID:7260
- C:\Users\Admin\AppData\Local\Temp\0047f969-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  0047f969-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\ReceiveStep.bmp
  2⤵
  PID:7184
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033d542-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:7228
- C:\Users\Admin\AppData\Local\Temp\0006f85d-951f-11ec-b788-d2b2bc1ba3a6.exe
  0006f85d-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\en-us.16\stream.x64.en-us.man.dat
  2⤵
  PID:7244
- C:\Users\Admin\AppData\Local\Temp\00034fb9-951f-11ec-b788-d2b2bc1ba3a6.exe
  00034fb9-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml
  2⤵
  PID:6920
- C:\Users\Admin\AppData\Local\Temp\000ac99d-951f-11ec-b788-d2b2bc1ba3a6.exe
  000ac99d-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat
  2⤵
  PID:6864
- C:\Users\Admin\AppData\Local\Temp\0047f969-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0047f969-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\RequestRestore.cfg
  2⤵
  PID:7356
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c3-d2b2bc1ba3a6.exe
  2⤵
  PID:6544
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b892-d2b2bc1ba3a6.exe
  2⤵
  PID:7596
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b796-d2b2bc1ba3a6.exe
  2⤵
  PID:7484
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b8-d2b2bc1ba3a6.exe
  2⤵
  PID:7088
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b835-d2b2bc1ba3a6.exe
  2⤵
  PID:7516
- C:\Users\Admin\AppData\Local\Temp\004895bd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004895bd-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\RevokeStep.dot
  2⤵
  PID:6616
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ae-d2b2bc1ba3a6.exe
  2⤵
  PID:6960
- C:\Users\Admin\AppData\Local\Temp\000c29fd-951f-11ec-b788-d2b2bc1ba3a6.exe
  000c29fd-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\x-none.16\MasterDescriptor.x-none.xml
  2⤵
  PID:7440
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b832-d2b2bc1ba3a6.exe
  2⤵
  PID:5160
- C:\Users\Admin\AppData\Local\Temp\000796e4-951f-11ec-b788-d2b2bc1ba3a6.exe
  000796e4-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\settings.dat
  2⤵
  PID:7728
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c5-d2b2bc1ba3a6.exe
  2⤵
  PID:6936
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002ef299-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:7696
- C:\Users\Admin\AppData\Local\Temp\00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe
  00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\mergedVirtualRegistry.dat
  2⤵
  - Executes dropped EXE
  PID:5756
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c6-d2b2bc1ba3a6.exe
  2⤵
  PID:6672
- C:\Users\Admin\AppData\Local\Temp\004a1cec-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004a1cec-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\StartComplete.png
  2⤵
  PID:6552
- C:\Users\Admin\AppData\Local\Temp\00102079-951f-11ec-b789-d2b2bc1ba3a6.exe
  00102079-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml
  2⤵
  PID:5288
- C:\Users\Admin\AppData\Local\Temp\000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe
  000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:6232
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c4-d2b2bc1ba3a6.exe
  2⤵
  PID:9972
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b877-d2b2bc1ba3a6.exe
  2⤵
  PID:6732
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c8-d2b2bc1ba3a6.exe
  2⤵
  PID:6336
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ca-d2b2bc1ba3a6.exe
  2⤵
  PID:6264
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e7-d2b2bc1ba3a6.exe
  2⤵
  PID:6608
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b878-d2b2bc1ba3a6.exe
  2⤵
  PID:6168
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87f-d2b2bc1ba3a6.exe
  2⤵
  PID:5552
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003e0f02-951f-11ec-b793-d2b2bc1ba3a6.exe
  2⤵
  PID:6176
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b853-d2b2bc1ba3a6.exe
  2⤵
  - Executes dropped EXE
  PID:9240
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8cd-d2b2bc1ba3a6.exe
  2⤵
  PID:6680
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89b-d2b2bc1ba3a6.exe
  2⤵
  PID:6816
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b6-d2b2bc1ba3a6.exe
  2⤵
  PID:6344
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7aa-d2b2bc1ba3a6.exe
  2⤵
  PID:6296
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ec-d2b2bc1ba3a6.exe
  2⤵
  PID:6576
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c1-d2b2bc1ba3a6.exe
  2⤵
  PID:6632
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b838-d2b2bc1ba3a6.exe
  2⤵
  PID:6280
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b879-d2b2bc1ba3a6.exe
  2⤵
  PID:6436
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002bbe61-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  PID:5580
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004a9224-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:8656
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ca-d2b2bc1ba3a6.exe
  2⤵
  PID:5656
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b874-d2b2bc1ba3a6.exe
  2⤵
  PID:6956
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b898-d2b2bc1ba3a6.exe
  2⤵
  PID:8048
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c9-d2b2bc1ba3a6.exe
  2⤵
  PID:8112
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0055189e-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  2⤵
  PID:7428
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b861-d2b2bc1ba3a6.exe
  2⤵
  PID:8056
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033383d-951f-11ec-b78f-d2b2bc1ba3a6.exe
  2⤵
  PID:7984
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b873-d2b2bc1ba3a6.exe
  2⤵
  PID:7308
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87c-d2b2bc1ba3a6.exe
  2⤵
  PID:5728
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87d-d2b2bc1ba3a6.exe
  2⤵
  PID:5828
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b813-d2b2bc1ba3a6.exe
  2⤵
  PID:9620
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79a-d2b2bc1ba3a6.exe
  2⤵
  PID:9480
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b811-d2b2bc1ba3a6.exe
  2⤵
  PID:5848
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81b-d2b2bc1ba3a6.exe
  2⤵
  PID:9912
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b884-d2b2bc1ba3a6.exe
  2⤵
  PID:9864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a4-d2b2bc1ba3a6.exe
  2⤵
  PID:8260
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a2-d2b2bc1ba3a6.exe
  2⤵
  PID:7992
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a7-d2b2bc1ba3a6.exe
  2⤵
  PID:8128
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b820-d2b2bc1ba3a6.exe
  2⤵
  PID:8116
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b876-d2b2bc1ba3a6.exe
  2⤵
  PID:8156
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c9-d2b2bc1ba3a6.exe
  2⤵
  PID:8364
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007bdae1-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8228
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d0-d2b2bc1ba3a6.exe
  2⤵
  PID:7840
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84d-d2b2bc1ba3a6.exe
  2⤵
  PID:8216
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84b-d2b2bc1ba3a6.exe
  2⤵
  PID:8264
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79f-d2b2bc1ba3a6.exe
  2⤵
  PID:7528
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b871-d2b2bc1ba3a6.exe
  2⤵
  PID:7544
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8be-d2b2bc1ba3a6.exe
  2⤵
  PID:8148
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b863-d2b2bc1ba3a6.exe
  2⤵
  PID:8232
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bc-d2b2bc1ba3a6.exe
  2⤵
  PID:8244
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79d-d2b2bc1ba3a6.exe
  2⤵
  PID:8224
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b823-d2b2bc1ba3a6.exe
  2⤵
  PID:8388
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c0-d2b2bc1ba3a6.exe
  2⤵
  PID:8096
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b825-d2b2bc1ba3a6.exe
  2⤵
  PID:7784
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ad-d2b2bc1ba3a6.exe
  2⤵
  PID:10056
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cf-d2b2bc1ba3a6.exe
  2⤵
  PID:10064
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0030794d-951f-11ec-b78e-d2b2bc1ba3a6.exe
  2⤵
  - Executes dropped EXE
  PID:9992
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cd-d2b2bc1ba3a6.exe
  2⤵
  PID:8016
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85b-d2b2bc1ba3a6.exe
  2⤵
  PID:10076
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85a-d2b2bc1ba3a6.exe
  2⤵
  PID:10084
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b867-d2b2bc1ba3a6.exe
  2⤵
  PID:8160
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c2-d2b2bc1ba3a6.exe
  2⤵
  PID:7836
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a3-d2b2bc1ba3a6.exe
  2⤵
  PID:7964
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b841-d2b2bc1ba3a6.exe
  2⤵
  PID:7756
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c8-d2b2bc1ba3a6.exe
  2⤵
  PID:10040
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b888-d2b2bc1ba3a6.exe
  2⤵
  PID:10032
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003645c9-951f-11ec-b792-d2b2bc1ba3a6.exe
  2⤵
  PID:7812
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007683f4-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  2⤵
  PID:8456
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033fe6a-951f-11ec-b790-d2b2bc1ba3a6.exe
  2⤵
  PID:8696
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00687968-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  2⤵
  PID:8536
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e2-d2b2bc1ba3a6.exe
  2⤵
  PID:8664
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86d-d2b2bc1ba3a6.exe
  2⤵
  PID:5948
- C:\Users\Admin\AppData\Local\Temp\004adf51-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004adf51-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\UnregisterUnlock.png
  2⤵
  PID:8568
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b880-d2b2bc1ba3a6.exe
  2⤵
  PID:8488
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ef-d2b2bc1ba3a6.exe
  2⤵
  PID:8552
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8cc-d2b2bc1ba3a6.exe
  2⤵
  PID:8344
- C:\Users\Admin\AppData\Local\Temp\00102079-951f-11ec-b78a-d2b2bc1ba3a6.exe
  00102079-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistMSI115A.txt
  2⤵
  PID:10212
- C:\Users\Admin\AppData\Local\Temp\004bf148-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004bf148-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Cookies
  2⤵
  PID:5084
- C:\Users\Admin\AppData\Local\Temp\00135447-951f-11ec-b78a-d2b2bc1ba3a6.exe
  00135447-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml
  2⤵
  PID:6140
- C:\Users\Admin\AppData\Local\Temp\004e88fd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004e88fd-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\ProtectEdit.txt
  2⤵
  PID:8396
- C:\Users\Admin\AppData\Local\Temp\004dc580-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004dc580-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\MountFormat.avi
  2⤵
  PID:8612
- C:\Users\Admin\AppData\Local\Temp\004c8ca5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004c8ca5-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\ExitSet.xps
  2⤵
  PID:8628
- C:\Users\Admin\AppData\Local\Temp\004f7c78-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004f7c78-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\Are.docx
  2⤵
  PID:9136
- C:\Users\Admin\AppData\Local\Temp\004ed718-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004ed718-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\RemoveInvoke.zip
  2⤵
  PID:7940
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f0-d2b2bc1ba3a6.exe
  2⤵
  PID:9112
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b883-d2b2bc1ba3a6.exe
  2⤵
  PID:8356
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f7-d2b2bc1ba3a6.exe
  2⤵
  PID:8492
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a3-d2b2bc1ba3a6.exe
  2⤵
  PID:8316
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b887-d2b2bc1ba3a6.exe
  2⤵
  PID:8460
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b801-d2b2bc1ba3a6.exe
  2⤵
  PID:9512
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bb-d2b2bc1ba3a6.exe
  2⤵
  PID:9148
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f9-d2b2bc1ba3a6.exe
  2⤵
  PID:5836
- C:\Users\Admin\AppData\Local\Temp\00141a81-951f-11ec-b78a-d2b2bc1ba3a6.exe
  00141a81-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\jawshtml.html
  2⤵
  PID:9580
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88d-d2b2bc1ba3a6.exe
  2⤵
  PID:9044
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e8-d2b2bc1ba3a6.exe
  2⤵
  PID:9404
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b9-d2b2bc1ba3a6.exe
  2⤵
  PID:8924
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88a-d2b2bc1ba3a6.exe
  2⤵
  PID:8892
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84e-d2b2bc1ba3a6.exe
  2⤵
  PID:5744
- C:\Users\Admin\AppData\Local\Temp\005085b0-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  005085b0-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\Files.docx
  2⤵
  PID:8884
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b895-d2b2bc1ba3a6.exe
  2⤵
  PID:7832
- C:\Users\Admin\AppData\Local\Temp\00500f4a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00500f4a-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\ExitInitialize.doc
  2⤵
  PID:8024
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89d-d2b2bc1ba3a6.exe
  2⤵
  PID:5704
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88e-d2b2bc1ba3a6.exe
  2⤵
  PID:9544
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b889-d2b2bc1ba3a6.exe
  2⤵
  PID:9340
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f4-d2b2bc1ba3a6.exe
  2⤵
  PID:5876
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b840-d2b2bc1ba3a6.exe
  2⤵
  PID:8836
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b894-d2b2bc1ba3a6.exe
  2⤵
  PID:8956
- C:\Users\Admin\AppData\Local\Temp\0058e873-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0058e873-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ConfirmUndo.dll
  2⤵
  PID:9468
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b808-d2b2bc1ba3a6.exe
  2⤵
  PID:9576
- C:\Users\Admin\AppData\Local\Temp\000e7201-951f-11ec-b788-d2b2bc1ba3a6.exe
  000e7201-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt
  2⤵
  PID:9232
- C:\Users\Admin\AppData\Local\Temp\0012429b-951f-11ec-b78a-d2b2bc1ba3a6.exe
  0012429b-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistUI1125.txt
  2⤵
  PID:8788
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85f-d2b2bc1ba3a6.exe
  2⤵
  PID:5864
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a1-d2b2bc1ba3a6.exe
  2⤵
  PID:5712
- C:\Users\Admin\AppData\Local\Temp\0056c5f5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0056c5f5-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\SearchClose.html
  2⤵
  PID:5716
- C:\Users\Admin\AppData\Local\Temp\001e5137-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001e5137-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001
  2⤵
  PID:8820
- C:\Users\Admin\AppData\Local\Temp\0059367b-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  0059367b-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\EnableWait.html
  2⤵
  PID:6016
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b4-d2b2bc1ba3a6.exe
  2⤵
  PID:5824
- C:\Users\Admin\AppData\Local\Temp\0015c4cd-951f-11ec-b78b-d2b2bc1ba3a6.exe
  0015c4cd-951f-11ec-b78b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Temporary Internet Files"
  2⤵
  PID:7852
- C:\Users\Admin\AppData\Local\Temp\0059fa3e-951f-11ec-b8d0-d2b2bc1ba3a6.exe
  0059fa3e-951f-11ec-b8d0-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\PublishMerge.mp3
  2⤵
  PID:7256
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ba-d2b2bc1ba3a6.exe
  2⤵
  PID:5820
- C:\Users\Admin\AppData\Local\Temp\0058c249-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0058c249-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ApproveConvertTo.pdf
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\005a2169-951f-11ec-b8d0-d2b2bc1ba3a6.exe
  005a2169-951f-11ec-b8d0-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\RegisterConnect.gif
  2⤵
  PID:6064
- C:\Users\Admin\AppData\Local\Temp\0059ab95-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  0059ab95-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\InstallUse.bmp
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\00587502-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00587502-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\TraceSuspend.xps
  2⤵
  PID:8328
- C:\Users\Admin\AppData\Local\Temp\001af5f4-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001af5f4-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml
  2⤵
  PID:9740
- C:\Users\Admin\AppData\Local\Temp\005a2169-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  005a2169-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\RemoveRepair.zip
  2⤵
  PID:9668
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a2-d2b2bc1ba3a6.exe
  2⤵
  PID:9572
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a4-d2b2bc1ba3a6.exe
  2⤵
  PID:9592
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b2-d2b2bc1ba3a6.exe
  2⤵
  PID:9012
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b896-d2b2bc1ba3a6.exe
  2⤵
  PID:9828
- C:\Users\Admin\AppData\Local\Temp\00584cff-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00584cff-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\These.docx
  2⤵
  PID:7048
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b6-d2b2bc1ba3a6.exe
  2⤵
  PID:9472
- C:\Users\Admin\AppData\Local\Temp\003670eb-951f-11ec-b792-d2b2bc1ba3a6.exe
  003670eb-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\ConnectUnregister.xps
  2⤵
  PID:9360
- C:\Users\Admin\AppData\Local\Temp\0059d366-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  0059d366-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\OutMeasure.png
  2⤵
  PID:9444
- C:\Users\Admin\AppData\Local\Temp\002a3839-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002a3839-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  2⤵
  PID:6076
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fd-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7fd-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG"
  2⤵
  PID:776
- C:\Users\Admin\AppData\Local\Temp\005b58f7-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  005b58f7-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\Music\ConvertFromApprove.bmp
  2⤵
  PID:8784
- C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  005c6afc-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\Wallpaper.jpg
  2⤵
  PID:8968
- C:\Users\Admin\AppData\Local\Temp\005b3229-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  005b3229-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\Music\CompleteDebug.html
  2⤵
  PID:9088
- C:\Users\Admin\AppData\Local\Temp\0057fe79-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0057fe79-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\SearchEnter.xlsx
  2⤵
  PID:9032
- C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b792-d2b2bc1ba3a6.exe
  00347197-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\st180660.cab
  2⤵
  PID:8808
- C:\Users\Admin\AppData\Local\Temp\0058e873-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  0058e873-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\DisconnectUnlock.xls
  2⤵
  PID:8028
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b1-d2b2bc1ba3a6.exe
  2⤵
  PID:7936
- C:\Users\Admin\AppData\Local\Temp\005a4909-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  005a4909-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\UnlockSend.xps
  2⤵
  PID:9072
- C:\Users\Admin\AppData\Local\Temp\005b0b0d-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  005b0b0d-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Favorites\Bing.url
  2⤵
  PID:2920
- C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78d-d2b2bc1ba3a6.exe
  0024e101-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml
  2⤵
  PID:9308
- C:\Users\Admin\AppData\Local\Temp\00598596-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  00598596-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\FormatSend.htm
  2⤵
  PID:1128
- C:\Users\Admin\AppData\Local\Temp\00595de8-951f-11ec-b8cf-d2b2bc1ba3a6.exe
  00595de8-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ExportLock.pptx
  2⤵
  PID:4460
- C:\Users\Admin\AppData\Local\Temp\0059d366-951f-11ec-b8d0-d2b2bc1ba3a6.exe
  0059d366-951f-11ec-b8d0-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ProtectSubmit.html
  2⤵
  PID:10024
- C:\Users\Admin\AppData\Local\Temp\005abdb7-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  005abdb7-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\UseApprove.jpeg
  2⤵
  PID:7800
- C:\Users\Admin\AppData\Local\Temp\0073c3f8-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  0073c3f8-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Documents\My Music"
  2⤵
  PID:6052
- C:\Users\Admin\AppData\Local\Temp\005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\Music\SwitchApprove.gif
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Users\Admin\AppData\Local\Temp\001a3278-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001a3278-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml
  2⤵
  PID:6060
- C:\Users\Admin\AppData\Local\Temp\005bf885-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  005bf885-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\OptimizeSave.bmp
  2⤵
  PID:10068
- C:\Users\Admin\AppData\Local\Temp\005b3229-951f-11ec-b8d1-d2b2bc1ba3a6.exe
  005b3229-951f-11ec-b8d1-d2b2bc1ba3a6.exe "C:\\Users\Admin\Local Settings"
  2⤵
  PID:7960
- C:\Users\Admin\AppData\Local\Temp\001cf2ae-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001cf2ae-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml
  2⤵
  PID:5516
- C:\Users\Admin\AppData\Local\Temp\0023cf6c-951f-11ec-b78d-d2b2bc1ba3a6.exe
  0023cf6c-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  2⤵
  PID:412
- C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78c-d2b2bc1ba3a6.exe
  0021ac7e-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml
  2⤵
  PID:6252
- C:\Users\Admin\AppData\Local\Temp\005c1ca4-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  005c1ca4-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\SplitExit.gif
  2⤵
  PID:1136
- C:\Users\Admin\AppData\Local\Temp\003c38f8-951f-11ec-b792-d2b2bc1ba3a6.exe
  003c38f8-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1346565761-3498240568-4147300184-1000\1e0323f3-ff69-440a-83a9-b6c67c2edc8a
  2⤵
  PID:5536
- C:\Users\Admin\AppData\Local\Temp\002ad475-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002ad475-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml
  2⤵
  PID:5524
- C:\Users\Admin\AppData\Local\Temp\00361e85-951f-11ec-b792-d2b2bc1ba3a6.exe
  00361e85-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\CompressUpdate.ico
  2⤵
  PID:4044
- C:\Users\Admin\AppData\Local\Temp\00734f06-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  00734f06-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Default\AppData\Local\Temporary Internet Files"
  2⤵
  PID:5176
- C:\Users\Admin\AppData\Local\Temp\005bce5b-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  005bce5b-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\NetHood
  2⤵
  PID:2064
- C:\Users\Admin\AppData\Local\Temp\00739ce3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  00739ce3-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\Cookies
  2⤵
  PID:1488
- C:\Users\Admin\AppData\Local\Temp\005ba779-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  005ba779-951f-11ec-b8d2-d2b2bc1ba3a6.exe "C:\\Users\Admin\My Documents"
  2⤵
  PID:7916
- C:\Users\Admin\AppData\Local\Temp\0037f319-951f-11ec-b792-d2b2bc1ba3a6.exe
  0037f319-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico"
  2⤵
  PID:5688
- C:\Users\Admin\AppData\Local\Temp\00381af8-951f-11ec-b792-d2b2bc1ba3a6.exe
  00381af8-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\MeasureDisable.gif
  2⤵
  PID:5992
- C:\Users\Admin\AppData\Local\Temp\0073eb44-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  0073eb44-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Documents\My Pictures"
  2⤵
  PID:5132
- C:\Users\Admin\AppData\Local\Temp\00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe
  00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Default\Application Data"
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Users\Admin\AppData\Local\Temp\00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe
  00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png"
  2⤵
  - Executes dropped EXE
  PID:5856
- C:\Users\Admin\AppData\Local\Temp\fff45c43-951e-11ec-b788-d2b2bc1ba3a6.exe
  fff45c43-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png
  2⤵
  PID:948
- C:\Users\Admin\AppData\Local\Temp\005bce5b-951f-11ec-b8d2-d2b2bc1ba3a6.exe
  005bce5b-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\NTUSER.DAT
  2⤵
  PID:2092
- C:\Users\Admin\AppData\Local\Temp\001aa7da-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001aa7da-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2
  2⤵
  PID:9436
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89e-d2b2bc1ba3a6.exe
  2⤵
  PID:5680
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b821-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b821-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico"
  2⤵
  PID:6220
- C:\Users\Admin\AppData\Local\Temp\003115c5-951f-11ec-b78f-d2b2bc1ba3a6.exe
  003115c5-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
  2⤵
  PID:6476
- C:\Users\Admin\AppData\Local\Temp\00395564-951f-11ec-b792-d2b2bc1ba3a6.exe
  00395564-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_e269d2c1-0edf-4391-ac7b-818b8e88b04f
  2⤵
  PID:9452
- C:\Users\Admin\AppData\Local\Temp\0042f069-951f-11ec-b793-d2b2bc1ba3a6.exe
  0042f069-951f-11ec-b793-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead
  2⤵
  PID:2520
- C:\Users\Admin\AppData\Local\Temp\00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe
  00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png"
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b84c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b84c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_3"
  2⤵
  PID:8724
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c4-d2b2bc1ba3a6.exe
  2⤵
  PID:9384
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b805-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b805-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index"
  2⤵
  PID:9888
- C:\Users\Admin\AppData\Local\Temp\001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
  2⤵
  - Executes dropped EXE
  PID:9788
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b86a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3"
  2⤵
  PID:7404
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84f-d2b2bc1ba3a6.exe
  2⤵
  PID:6856
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82d-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b82d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal"
  2⤵
  PID:7248
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b82c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor"
  2⤵
  PID:7972
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b3-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b3-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml
  2⤵
  PID:5548
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b815-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b815-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK"
  2⤵
  PID:8760
- C:\Users\Admin\AppData\Local\Temp\00397b3b-951f-11ec-b792-d2b2bc1ba3a6.exe
  00397b3b-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\it-IT\resource.xml"
  2⤵
  PID:6348
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7bb-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7bb-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml
  2⤵
  PID:7620
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c7-d2b2bc1ba3a6.exe
  2⤵
  PID:6692
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b890-d2b2bc1ba3a6.exe
  2⤵
  PID:9528
- C:\Users\Admin\AppData\Local\Temp\00350e2f-951f-11ec-b792-d2b2bc1ba3a6.exe
  00350e2f-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\de-DE\resource.xml"
  2⤵
  PID:5492
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b79b-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b79b-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico"
  2⤵
  PID:6876
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f5-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7f5-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata"
  2⤵
  PID:6808
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80a-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b80a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal"
  2⤵
  PID:9844
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81d-d2b2bc1ba3a6.exe
  2⤵
  PID:3976
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80d-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b80d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG"
  2⤵
  PID:7036
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ff-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ff-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\MANIFEST-000001"
  2⤵
  PID:6924
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a9-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a9-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml
  2⤵
  PID:9824
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b83c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001"
  2⤵
  PID:9836
- C:\Users\Admin\AppData\Local\Temp\0014b442-951f-11ec-b78b-d2b2bc1ba3a6.exe
  0014b442-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\offline
  2⤵
  PID:9856
- C:\Users\Admin\AppData\Local\Temp\00536b8a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00536b8a-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Documents\My Pictures"
  2⤵
  PID:7164
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b2-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b2-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml
  2⤵
  PID:9904
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7dd-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7dd-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab"
  2⤵
  PID:9244
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b81a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG"
  2⤵
  PID:6908
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ba-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ba-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml
  2⤵
  PID:7572
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b9-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b9-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml
  2⤵
  PID:6736
- C:\Users\Admin\AppData\Local\Temp\000e7201-951f-11ec-b789-d2b2bc1ba3a6.exe
  000e7201-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml
  2⤵
  PID:7160
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e0-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e0-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
  2⤵
  PID:6508
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b82a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History"
  2⤵
  PID:7520
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7da-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7da-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
  2⤵
  PID:5556
- C:\Users\Admin\AppData\Local\Temp\004c17b3-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004c17b3-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\DenySave.xls
  2⤵
  PID:7020
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b797-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b797-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\fr-FR\resource.xml"
  2⤵
  PID:7464
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b86c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser"
  2⤵
  PID:7116
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80c-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b80c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK"
  2⤵
  PID:7004
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b822-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b822-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History"
  2⤵
  PID:7180
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e3-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e3-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab"
  2⤵
  PID:6844
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bf-d2b2bc1ba3a6.exe
  2⤵
  PID:5196
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c3-d2b2bc1ba3a6.exe
  2⤵
  PID:7080
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8cb-d2b2bc1ba3a6.exe
  2⤵
  PID:9656
- C:\Users\Admin\AppData\Local\Temp\007e24e7-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007e24e7-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\vcredist2010_x64.log-MSI_vc_red.msi.txt
  2⤵
  PID:6848
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b818-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b818-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT"
  2⤵
  PID:6528
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b827-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b827-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001"
  2⤵
  PID:7512
- C:\Users\Admin\AppData\Local\Temp\00172541-951f-11ec-b78b-d2b2bc1ba3a6.exe
  00172541-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT
  2⤵
  PID:7356
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d9-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d9-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
  2⤵
  PID:7604
- C:\Users\Admin\AppData\Local\Temp\00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Documents\My Music"
  2⤵
  - Executes dropped EXE
  PID:7056
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7be-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7be-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml
  2⤵
  PID:8000
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e1-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e1-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab"
  2⤵
  PID:5512
- C:\Users\Admin\AppData\Local\Temp\004b0688-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004b0688-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Application Data"
  2⤵
  PID:6712
- C:\Users\Admin\AppData\Local\Temp\0079427c-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  0079427c-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\PrintHood
  2⤵
  PID:7040
- C:\Users\Admin\AppData\Local\Temp\0033d542-951f-11ec-b790-d2b2bc1ba3a6.exe
  0033d542-951f-11ec-b790-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png"
  2⤵
  PID:6464
- C:\Users\Admin\AppData\Local\Temp\00233371-951f-11ec-b78d-d2b2bc1ba3a6.exe
  00233371-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB
  2⤵
  PID:6336
- C:\Users\Admin\AppData\Local\Temp\0025cb18-951f-11ec-b78e-d2b2bc1ba3a6.exe
  0025cb18-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
  2⤵
  PID:6680
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13286548792216037"
  2⤵
  - Executes dropped EXE
  PID:5844
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b833-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b833-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences"
  2⤵
  PID:6328
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b826-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b826-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG"
  2⤵
  PID:6656
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a7-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a7-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml
  2⤵
  PID:6816
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b865-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b865-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002"
  2⤵
  PID:6312
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b802-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b802-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2"
  2⤵
  PID:6356
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80f-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b80f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons"
  2⤵
  PID:5656
- C:\Users\Admin\AppData\Local\Temp\0053e137-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0053e137-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Documents\My Videos"
  2⤵
  PID:8048
- C:\Users\Admin\AppData\Local\Temp\007c770f-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007c770f-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Public\Documents\My Music"
  2⤵
  PID:7736
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e5-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e5-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab"
  2⤵
  PID:7424
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a8-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a8-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml
  2⤵
  PID:3832
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86b-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b86b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index"
  2⤵
  PID:9780
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f6-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7f6-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat"
  2⤵
  PID:9848
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7db-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7db-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab"
  2⤵
  PID:8208
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81e-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b81e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2"
  2⤵
  PID:7816
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7de-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7de-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
  2⤵
  PID:8260
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c0-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c0-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml
  2⤵
  PID:7992
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b1-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b1-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml
  2⤵
  PID:8176
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b799-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b799-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\ja-JP\resource.xml"
  2⤵
  PID:7876
- C:\Users\Admin\AppData\Local\Temp\0008f581-951f-11ec-b788-d2b2bc1ba3a6.exe
  0008f581-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat
  2⤵
  PID:8216
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ce-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ce-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user.bmp"
  2⤵
  PID:8240
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b849-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b849-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0"
  2⤵
  PID:8168
- C:\Users\Admin\AppData\Local\Temp\002ea4fc-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002ea4fc-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml
  2⤵
  PID:6952
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b834-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b834-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferredApps"
  2⤵
  PID:5668
- C:\Users\Admin\AppData\Local\Temp\007e7267-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007e7267-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\vcredist2010_x64.log.html
  2⤵
  PID:7476
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82e-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b82e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State"
  2⤵
  PID:8244
- C:\Users\Admin\AppData\Local\Temp\000dd73b-951f-11ec-b788-d2b2bc1ba3a6.exe
  000dd73b-951f-11ec-b788-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20220113_114700274.html"
  2⤵
  PID:8096
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b843-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b843-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG"
  2⤵
  PID:8100
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b816-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b816-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG"
  2⤵
  PID:7836
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d8-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d8-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
  2⤵
  PID:8160
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e4-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e4-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
  2⤵
  PID:10072
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d6-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d6-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
  2⤵
  PID:9980
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80e-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b80e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001"
  2⤵
  PID:8672
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d1-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d1-d2b2bc1ba3a6.exe C:\\ProgramData\Oracle\Java\javapath\javaw.exe
  2⤵
  PID:8360
- C:\Users\Admin\AppData\Local\Temp\002c0ce5-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002c0ce5-951f-11ec-b78e-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml"
  2⤵
  PID:8204
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d7-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d7-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab"
  2⤵
  PID:5676
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b0-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b0-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml
  2⤵
  PID:8676
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85c-d2b2bc1ba3a6.exe
  2⤵
  PID:8536
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b830-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b830-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOCK"
  2⤵
  PID:8404
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b81c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0"
  2⤵
  PID:8408
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b875-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b875-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\History
  2⤵
  PID:8728
- C:\Users\Admin\AppData\Local\Temp\0030efb2-951f-11ec-b78f-d2b2bc1ba3a6.exe
  0030efb2-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png"
  2⤵
  PID:9756
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b798-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b798-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\it-IT\resource.xml"
  2⤵
  PID:5836
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b842-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b842-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK"
  2⤵
  PID:6028
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b855-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b855-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOCK"
  2⤵
  PID:8900
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8af-d2b2bc1ba3a6.exe
  2⤵
  PID:9520
- C:\Windows\system32\cmd.exe
  cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c6-d2b2bc1ba3a6.exe
  2⤵
  PID:9272
- C:\Users\Admin\AppData\Local\Temp\007ec169-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007ec169-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\vcredist2010_x86.log-MSI_vc_red.msi.txt
  2⤵
  PID:9580
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b846-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b846-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\the-real-index"
  2⤵
  PID:8860
- C:\Users\Admin\AppData\Local\Temp\00436559-951f-11ec-b793-d2b2bc1ba3a6.exe
  00436559-951f-11ec-b793-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\MoveAdd.rtf
  2⤵
  PID:5796
- C:\Users\Admin\AppData\Local\Temp\007daffc-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007daffc-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\odt\office2016setup.exe
  2⤵
  PID:5908
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b810-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b810-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal"
  2⤵
  PID:9208
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b84a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b84a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1"
  2⤵
  PID:9060
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83f-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b83f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts"
  2⤵
  PID:9456
- C:\Users\Admin\AppData\Local\Temp\00420529-951f-11ec-b793-d2b2bc1ba3a6.exe
  00420529-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico"
  2⤵
  PID:6072
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83e-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b83e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13286548794324037"
  2⤵
  PID:9324
- C:\Users\Admin\AppData\Local\Temp\002d1e4a-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002d1e4a-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  2⤵
  PID:7852
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d5-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d5-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
  2⤵
  PID:9608
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d4-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d4-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab"
  2⤵
  PID:9080
- C:\Users\Admin\AppData\Local\Temp\000f5e30-951f-11ec-b789-d2b2bc1ba3a6.exe
  000f5e30-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml
  2⤵
  PID:10020
- C:\Users\Admin\AppData\Local\Temp\000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe
  000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\x-none.16\stream.x64.x-none.man.dat
  2⤵
  - Executes dropped EXE
  PID:8736
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b851-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b851-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\CURRENT"
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Users\Admin\AppData\Local\Temp\0014b442-951f-11ec-b78a-d2b2bc1ba3a6.exe
  0014b442-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml
  2⤵
  PID:6856
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b837-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b837-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences"
  2⤵
  - Executes dropped EXE
  PID:6972
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b848-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b848-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\the-real-index"
  2⤵
  PID:7600
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b847-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b847-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index"
  2⤵
  - Executes dropped EXE
  PID:7820
- C:\Users\Admin\AppData\Local\Temp\003d7205-951f-11ec-b792-d2b2bc1ba3a6.exe
  003d7205-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml"
  2⤵
  PID:5196
- C:\Users\Admin\AppData\Local\Temp\0054f233-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0054f233-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\ProtectHide.pub
  2⤵
  PID:6744
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b817-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b817-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\MANIFEST-000001"
  2⤵
  PID:5684
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b814-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b814-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\CURRENT"
  2⤵
  PID:9520
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82b-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b82b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History-journal"
  2⤵
  PID:10268
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b831-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b831-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG"
  2⤵
  PID:10256
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b852-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b852-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOCK"
  2⤵
  PID:10304
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b828-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b828-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"
  2⤵
  PID:10296
- C:\Users\Admin\AppData\Local\Temp\003beb41-951f-11ec-b792-d2b2bc1ba3a6.exe
  003beb41-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\CREDHIST
  2⤵
  PID:10360
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b850-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b850-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State"
  2⤵
  PID:10352
- C:\Users\Admin\AppData\Local\Temp\007cec2e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007cec2e-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Public\Documents\My Pictures"
  2⤵
  PID:10424
- C:\Users\Admin\AppData\Local\Temp\00054ab0-951f-11ec-b788-d2b2bc1ba3a6.exe
  00054ab0-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml
  2⤵
  PID:10452
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b881-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b881-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal"
  2⤵
  PID:10480
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b858-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b858-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT"
  2⤵
  PID:10508
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7cc-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7cc-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user-40.png"
  2⤵
  PID:10564
- C:\Users\Admin\AppData\Local\Temp\00342331-951f-11ec-b790-d2b2bc1ba3a6.exe
  00342331-951f-11ec-b790-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml"
  2⤵
  PID:10592
- C:\Users\Admin\AppData\Local\Temp\007d6165-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007d6165-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\odt\config.xml
  2⤵
  PID:10616
- C:\Users\Admin\AppData\Local\Temp\00743944-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  00743944-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Documents\My Videos"
  2⤵
  PID:10536
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b856-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b856-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG"
  2⤵
  PID:10628
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b85e-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b85e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity"
  2⤵
  PID:10676
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b87b-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b87b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index"
  2⤵
  PID:10704
- C:\Users\Admin\AppData\Local\Temp\005c43ea-951f-11ec-b8d3-d2b2bc1ba3a6.exe
  005c43ea-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\UnblockFormat.bmp
  2⤵
  PID:10712
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b859-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b859-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK"
  2⤵
  PID:10756
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b83a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\MANIFEST-000001"
  2⤵
  PID:10772
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b85d-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b85d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal"
  2⤵
  PID:10796
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b899-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b899-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3"
  2⤵
  PID:10856
- C:\Users\Admin\AppData\Local\Temp\0051e5e9-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0051e5e9-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\MergeConvert.xps
  2⤵
  PID:10872
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e9-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e9-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab"
  2⤵
  PID:10900
- C:\Users\Admin\AppData\Local\Temp\007d129e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007d129e-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Public\Documents\My Videos"
  2⤵
  PID:10908
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b882-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b882-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT"
  2⤵
  PID:10936
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b87e-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b87e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons"
  2⤵
  PID:10960
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b886-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b886-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"
  2⤵
  PID:11008
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b806-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b806-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index"
  2⤵
  PID:11040
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f8-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7f8-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK"
  2⤵
  PID:11048
- C:\Users\Admin\AppData\Local\Temp\007a05a5-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007a05a5-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\Recent
  2⤵
  PID:11120
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b824-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b824-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT"
  2⤵
  PID:11100
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7dc-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7dc-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi"
  2⤵
  PID:11132
- C:\Users\Admin\AppData\Local\Temp\007aa2f9-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007aa2f9-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\SendTo
  2⤵
  PID:11156
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b89a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b89a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\index"
  2⤵
  PID:11200
- C:\Users\Admin\AppData\Local\Temp\00342331-951f-11ec-b791-d2b2bc1ba3a6.exe
  00342331-951f-11ec-b791-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\sj180660.cab
  2⤵
  PID:11236
- C:\Users\Admin\AppData\Local\Temp\0076ab68-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  0076ab68-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\NetHood
  2⤵
  PID:11244
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80b-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b80b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT"
  2⤵
  PID:6760
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b89f-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b89f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_2"
  2⤵
  PID:6896
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f2-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7f2-d2b2bc1ba3a6.exe C:\\ProgramData\Templates
  2⤵
  PID:5124
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fe-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7fe-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG"
  2⤵
  PID:11300
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b88c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b88c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENT"
  2⤵
  PID:11324
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b89c-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b89c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State"
  2⤵
  PID:11332
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e6-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7e6-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
  2⤵
  PID:11340
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b794-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b794-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml"
  2⤵
  PID:11392
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f1-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7f1-d2b2bc1ba3a6.exe "C:\\ProgramData\Start Menu"
  2⤵
  PID:11424
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b807-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b807-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index"
  2⤵
  PID:11464
- C:\Users\Admin\AppData\Local\Temp\00553fc7-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00553fc7-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\RemoveMerge.xps
  2⤵
  PID:11472
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ee-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ee-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
  2⤵
  PID:11540
- C:\Users\Admin\AppData\Local\Temp\004cb3cf-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  004cb3cf-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\MeasureExit.mp3
  2⤵
  PID:11520
- C:\Users\Admin\AppData\Local\Temp\0030794d-951f-11ec-b78f-d2b2bc1ba3a6.exe
  0030794d-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\Crypto\SystemKeys\f85409213665240541862e424382eed9_e269d2c1-0edf-4391-ac7b-818b8e88b04f
  2⤵
  PID:11572
- C:\Users\Admin\AppData\Local\Temp\001ccaff-951f-11ec-b78c-d2b2bc1ba3a6.exe
  001ccaff-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index
  2⤵
  PID:11616
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b860-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b860-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data"
  2⤵
  PID:11656
- C:\Users\Admin\AppData\Local\Temp\007b6552-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007b6552-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Start Menu"
  2⤵
  PID:11632
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b854-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b854-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\MANIFEST-000001"
  2⤵
  PID:11708
- C:\Users\Admin\AppData\Local\Temp\003c62d5-951f-11ec-b792-d2b2bc1ba3a6.exe
  003c62d5-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico"
  2⤵
  PID:11716
- C:\Users\Admin\AppData\Local\Temp\00344b64-951f-11ec-b791-d2b2bc1ba3a6.exe
  00344b64-951f-11ec-b791-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\ss180660.cab
  2⤵
  PID:11724
- C:\Users\Admin\AppData\Local\Temp\00132dae-951f-11ec-b78a-d2b2bc1ba3a6.exe
  00132dae-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistUI115A.txt
  2⤵
  PID:11756
- C:\Users\Admin\AppData\Local\Temp\007c2a16-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  007c2a16-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default User"
  2⤵
  PID:11800
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b88b-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b88b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences"
  2⤵
  PID:11848
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b864-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b864-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG"
  2⤵
  PID:11856
- C:\Users\Admin\AppData\Local\Temp\00760ed2-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  00760ed2-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\My Documents"
  2⤵
  PID:11868
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b795-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b795-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\es-ES\resource.xml"
  2⤵
  PID:11948
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fb-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7fb-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\CURRENT"
  2⤵
  PID:11976
- C:\Users\Admin\AppData\Local\Temp\00355d76-951f-11ec-b792-d2b2bc1ba3a6.exe
  00355d76-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\sz180660.cab
  2⤵
  PID:11988
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b804-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b804-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index"
  2⤵
  PID:12008
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b897-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b897-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1"
  2⤵
  PID:12020
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b891-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b891-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOCK"
  2⤵
  PID:12068
- C:\Users\Admin\AppData\Local\Temp\0036bc5c-951f-11ec-b792-d2b2bc1ba3a6.exe
  0036bc5c-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\es-ES\resource.xml"
  2⤵
  PID:12096
- C:\Users\Admin\AppData\Local\Temp\00558d9b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  00558d9b-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\RequestReceive.xml
  2⤵
  PID:12120
- C:\Users\Admin\AppData\Local\Temp\002d45f9-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002d45f9-951f-11ec-b78e-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml"
  2⤵
  PID:12148
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b800-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b800-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0"
  2⤵
  PID:11880
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b7-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b7-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml
  2⤵
  PID:12220
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b79c-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b79c-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico"
  2⤵
  PID:12228
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ab-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ab-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml
  2⤵
  PID:12260
- C:\Users\Admin\AppData\Local\Temp\0015edcd-951f-11ec-b78b-d2b2bc1ba3a6.exe
  0015edcd-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml
  2⤵
  PID:12284
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fc-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7fc-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK"
  2⤵
  PID:10188
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ea-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ea-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi"
  2⤵
  PID:5972
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83b-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b83b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG"
  2⤵
  PID:6352
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c5-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c5-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml
  2⤵
  PID:6240
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b870-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b870-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1"
  2⤵
  PID:6512
- C:\Users\Admin\AppData\Local\Temp\000f3661-951f-11ec-b789-d2b2bc1ba3a6.exe
  000f3661-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1125.txt
  2⤵
  PID:5960
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b868-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b868-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1"
  2⤵
  PID:8424
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b803-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b803-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3"
  2⤵
  PID:6140
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b809-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b809-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies"
  2⤵
  PID:8704
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ad-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ad-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml
  2⤵
  PID:7940
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f3-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7f3-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
  2⤵
  PID:5644
- C:\Users\Admin\AppData\Local\Temp\00752df3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
  00752df3-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Local Settings"
  2⤵
  PID:5724
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a0-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8a0-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_3"
  2⤵
  PID:5700
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86e-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b86e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State"
  2⤵
  PID:8396
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b893-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b893-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001"
  2⤵
  PID:1036
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b857-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b857-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001"
  2⤵
  PID:12292
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86f-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b86f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0"
  2⤵
  PID:12304
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b866-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b866-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\First Run"
  2⤵
  PID:12312
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b79e-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b79e-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico"
  2⤵
  PID:12336
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b885-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b885-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001"
  2⤵
  PID:12372
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c2-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c2-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml
  2⤵
  PID:12428
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fa-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7fa-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\MANIFEST-000001"
  2⤵
  PID:12492
- C:\Users\Admin\AppData\Local\Temp\0035d0ce-951f-11ec-b792-d2b2bc1ba3a6.exe
  0035d0ce-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_66_x64\jre1.8.0_66.msi
  2⤵
  PID:12504
- C:\Users\Admin\AppData\Local\Temp\00433e68-951f-11ec-b793-d2b2bc1ba3a6.exe
  00433e68-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml"
  2⤵
  PID:12484
- C:\Users\Admin\AppData\Local\Temp\0054a49b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
  0054a49b-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\Opened.docx
  2⤵
  PID:12560
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d2-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d2-d2b2bc1ba3a6.exe C:\\ProgramData\Oracle\Java\javapath\javaws.exe
  2⤵
  PID:12592
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7bd-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7bd-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml
  2⤵
  PID:12616
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a5-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8a5-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat"
  2⤵
  PID:12644
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ac-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ac-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml
  2⤵
  PID:12656
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8aa-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8aa-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\2B7113FF-0401-476A-9DCD-E791D6F8EE3B
  2⤵
  PID:12696
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a9-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8a9-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt"
  2⤵
  PID:12688
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a5-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a5-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\Office\ClickToRunPackageLocker
  2⤵
  PID:12752
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a8-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8a8-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{04D6A65B-7467-11EC-B99B-7EE208A7DFD1}.dat"
  2⤵
  PID:12744
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b88f-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b88f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\MANIFEST-000001"
  2⤵
  PID:12832
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b819-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b819-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCK"
  2⤵
  PID:12820
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b0-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8b0-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xml
  2⤵
  PID:12860
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8ac-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8ac-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\msoia.exe_Rules.xml
  2⤵
  PID:12892
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b844-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b844-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001"
  2⤵
  PID:12932
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a1-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a1-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\Diagnosis\osver.txt
  2⤵
  PID:12964
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8ae-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8ae-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml
  2⤵
  PID:12980
- C:\Users\Admin\AppData\Local\Temp\0039efb6-951f-11ec-b792-d2b2bc1ba3a6.exe
  0039efb6-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1346565761-3498240568-4147300184-1000\0f5007522459c86e95ffcc62f32308f1_e269d2c1-0edf-4391-ac7b-818b8e88b04f
  2⤵
  PID:13004
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81f-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b81f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3"
  2⤵
  PID:13036
- C:\Users\Admin\AppData\Local\Temp\0038b6cc-951f-11ec-b792-d2b2bc1ba3a6.exe
  0038b6cc-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\fr-FR\resource.xml"
  2⤵
  PID:13088
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b3-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8b3-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUs
  2⤵
  PID:13108
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7bf-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7bf-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml
  2⤵
  PID:13148
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a6-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a6-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"
  2⤵
  PID:13136
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a6-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8a6-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat"
  2⤵
  PID:13180
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b869-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b869-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_2"
  2⤵
  PID:13172
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b814-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b814-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\MANIFEST-000001"
  2⤵
  PID:13244
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b812-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b812-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK"
  2⤵
  PID:13232
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8ab-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8ab-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\CAF962B8-C29D-4A67-B9DB-53E0E643EEE4
  2⤵
  PID:8772
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a0-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7a0-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml"
  2⤵
  PID:4028
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b5-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8b5-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsYSw=
  2⤵
  PID:9784
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d3-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7d3-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
  2⤵
  PID:6684
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b845-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b845-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index"
  2⤵
  PID:6524
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b7-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8b7-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\24E5136994AE5D575A3E0A087D0E2D0658CBC7A6
  2⤵
  PID:13328
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b4-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b4-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml
  2⤵
  PID:13376
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c1-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c1-d2b2bc1ba3a6.exe C:\\ProgramData\Oracle\Java\installcache_x64\baseimagefam8
  2⤵
  PID:13392
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b8-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8b8-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\2BF26D07E908AEF2A6E2C2BF13D790BDE604017B
  2⤵
  PID:13412
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7af-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7af-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml
  2⤵
  PID:13460
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7eb-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7eb-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab"
  2⤵
  PID:13488
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b5-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b5-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml
  2⤵
  PID:13516
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b872-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b872-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3"
  2⤵
  PID:13532
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b829-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b829-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal"
  2⤵
  PID:13552
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ae-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ae-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml
  2⤵
  PID:13584
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82f-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b82f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT"
  2⤵
  PID:13612
- C:\Users\Admin\AppData\Local\Temp\0033d542-951f-11ec-b78f-d2b2bc1ba3a6.exe
  0033d542-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi
  2⤵
  PID:13656
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b87a-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b87a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat"
  2⤵
  PID:13664
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8bc-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8bc-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\4BDD5ECEBDDB7CDE9E26DFBF21E2F3A314B7739D
  2⤵
  PID:13696
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c6-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c6-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml
  2⤵
  PID:13728
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8c5-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8c5-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat
  2⤵
  PID:13776
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c3-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c3-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml
  2⤵
  PID:13812
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8bd-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b8bd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1
  2⤵
  PID:13828
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b8-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7b8-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml
  2⤵
  PID:13848
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b796-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b796-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico"
  2⤵
  PID:13876
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b835-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b835-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL"
  2⤵
  PID:13884
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c4-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7c4-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml
  2⤵
  PID:13900
- C:\Users\Admin\AppData\Local\Temp\002ef299-951f-11ec-b78e-d2b2bc1ba3a6.exe
  002ef299-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml
  2⤵
  PID:13920
- C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ed-d2b2bc1ba3a6.exe
  0045feb6-951f-11ec-b7ed-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab"
  2⤵
  PID:13928
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b892-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b892-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG"
  2⤵
  PID:13956
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b832-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b832-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001"
  2⤵
  PID:13992
- C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b877-d2b2bc1ba3a6.exe
  00462471-951f-11ec-b877-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\D314169AF6A7C315416B4031A87D7CDC2D43B91B
  2⤵
  PID:14012
- C:\Windows\SYSTEM32\timeout.exe
  timeout /t 30 && C:\Windows\system32\cmd.exe /C del C:\Users\Admin\AppData\Local\Temp\C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
  2⤵
  - Delays execution with timeout.exe
  PID:7908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00068672-951f-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00068672-951f-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b791-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b791-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe

MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit