4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

Resubmissions

24-02-2022 16:15

220224-tql4kadcf3 10

24-02-2022 03:08

220224-dmw7csbgg3 10

Analysis

max time kernel
125s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
24-02-2022 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43564aa0-94f8-11ec-9d1d-005056a01a83.exe
Size

3.1MB
MD5

d5d2c4ac6c724cd63b69ca054713e278
SHA1

f32d791ec9e6385a91b45942c230f52aff1626df
SHA256

4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
SHA512

9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\read_me.html

Ransom Note

<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> </head> <body> "The only thing that we learn from new elections is we learned nothing from the old!" <hr> <hr> Thank you for your vote! All your files, documents, photoes, videos, databases etc. have been successfully encrypted! Now your computer has a special ID: ffe5192d-951e-11ec-b788-d2b2bc1ba3a6 <hr> Do not try to decrypt then by yourself - it's impossible! It's just a business and we care only about getting benefits. The only way to get your files back is to contact us and get further instuctions. To prove that we have a decryptor send us any encrypted file (less than 650 kbytes) and we'll send you it back being decrypted. This is our guarantee. NOTE: Do not send file with sensitive content. In the email write us your computer's special ID (mentioned above). <hr> <hr> So if you want to get your files back contact us: 1) vote2024forjb@protonmail.com 2) stephanie.jones2024@protonmail.com - if we dont't answer you during 3 days <hr> Have a nice day! </body> </html>

Emails

vote2024forjb@protonmail.com

stephanie.jones2024@protonmail.com

Signatures

Executes dropped EXE 64 IoCs

Processes:

00068672-951f-11ec-b788-d2b2bc1ba3a6.exefff01502-951e-11ec-b788-d2b2bc1ba3a6.exeffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exefffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exefff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exefff57040-951e-11ec-b788-d2b2bc1ba3a6.exefff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.execmd.exe005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe00462471-951f-11ec-b847-d2b2bc1ba3a6.exefffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe00087f5a-951f-11ec-b788-d2b2bc1ba3a6.execmd.exe00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe002f4115-951f-11ec-b78e-d2b2bc1ba3a6.execmd.exefffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exefff917df-951e-11ec-b788-d2b2bc1ba3a6.exe001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exefff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe00462471-951f-11ec-b839-d2b2bc1ba3a6.exe00462471-951f-11ec-b862-d2b2bc1ba3a6.exe002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe00462471-951f-11ec-b851-d2b2bc1ba3a6.exe001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe000216df-951f-11ec-b788-d2b2bc1ba3a6.exe001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exefff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe00462471-951f-11ec-b837-d2b2bc1ba3a6.exefffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe

pid	process
7048	00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
7068	fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
7188	ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
7252	fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
7268	0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
7292	fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
7300	fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
7340	fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
8580	006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
8704	00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
8736	000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe
8756	0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
8772	cmd.exe
9096	005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
9152	005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
7056	00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe
7280	0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
7820	00462471-951f-11ec-b847-d2b2bc1ba3a6.exe
5692	fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
5852	001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
5844	00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe
5780	0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
5756	00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe
9240	cmd.exe
9296	00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
9768	001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
9976	002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
9992	cmd.exe
10000	fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
10100	0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
10112	00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
10124	001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
10136	fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
10172	001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe
6132	0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe
4952	fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe
4468	000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe
5988	001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe
1352	005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe
5856	00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe
3736	001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe
2524	003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe
2904	00462471-951f-11ec-b839-d2b2bc1ba3a6.exe
5900	00462471-951f-11ec-b862-d2b2bc1ba3a6.exe
5148	002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe
8740	001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe
4488	00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe
5680	00462471-951f-11ec-b851-d2b2bc1ba3a6.exe
1864	001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe
5156	003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe
5208	004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe
3864	00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe
5788	000216df-951f-11ec-b788-d2b2bc1ba3a6.exe
9788	001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe
9796	002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe
9636	fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe
7232	006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe
9860	0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe
7204	0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe
6972	00462471-951f-11ec-b837-d2b2bc1ba3a6.exe
6780	fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe
9696	00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe
6212	00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe
5484	0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

7908 timeout.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe

pid process

6232 000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe

pid	process
7908	timeout.exe

pid	process
6232	000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

43564aa0-94f8-11ec-9d1d-005056a01a83.exe

description	pid	process	target process
PID 4332 wrote to memory of 3060	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3060	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1836	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1836	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4688	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4688	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4176	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4176	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4640	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4640	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4192	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4192	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4704	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4704	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3860	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3860	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1696	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1696	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2024	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2024	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3724	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3724	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4236	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4236	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1220	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1220	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2876	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2876	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3500	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3500	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2764	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2764	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3400	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3400	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 256	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 256	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2172	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2172	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1324	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1324	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4280	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4280	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3600	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 3600	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4372	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4372	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2736	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2736	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4128	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4128	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4480	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4468	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4468	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4488	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4488	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4452	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 4452	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1788	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 1788	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2540	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe
PID 4332 wrote to memory of 2540	4332	43564aa0-94f8-11ec-9d1d-005056a01a83.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
"C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4332

C:\Windows\system32\cmd.exe
cmd /C copy C:\Users\Admin\AppData\Local\Temp\read_me.html C:\Users\Admin\Desktop\read_me.html
2⤵
PID:3060

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:4688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:1836

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:4176

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:1480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:4640

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:4192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:4704

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:3860

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:2024

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:1696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe ffff092a-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:4236

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:3724

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:1220

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:2876

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:3500

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
2⤵
PID:2764

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00180fb6-951f-11ec-b78b-d2b2bc1ba3a6.exe
2⤵
PID:3400

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:2172

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:1324

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:4280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:3600

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:4372

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:2736

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:4128

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:4468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:4452

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:1788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:3452

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00215e6c-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:4716

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:2540

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
2⤵
PID:5068

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:5084

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:4952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe
2⤵
PID:4488

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:4480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00230bca-951f-11ec-b78d-d2b2bc1ba3a6.exe
2⤵
PID:4216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:640

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:636

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:2604

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:2596

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:1888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:1864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:1080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:1028

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00347197-951f-11ec-b791-d2b2bc1ba3a6.exe
2⤵
PID:1372

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:1528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:1732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:2064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003a166a-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:412

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:1788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c7-d2b2bc1ba3a6.exe
2⤵
PID:4644

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b836-d2b2bc1ba3a6.exe
2⤵
PID:4252

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b839-d2b2bc1ba3a6.exe
2⤵
PID:4044

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003b0128-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:3136

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003b9cdc-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:3244

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:3572

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b862-d2b2bc1ba3a6.exe
2⤵
PID:2624

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:3560

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe
2⤵
PID:2604

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00419180-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:3864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00422d43-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:3336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:1852

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffac43d-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:1528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004512e6-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:1776

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe
2⤵
PID:1088

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe
2⤵
PID:1028

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004560fc-951f-11ec-b794-d2b2bc1ba3a6.exe
2⤵
PID:1096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045af0b-951f-11ec-b794-d2b2bc1ba3a6.exe
2⤵
PID:4716

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffaea62-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:2064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5128

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0046731d-951f-11ec-b8cd-d2b2bc1ba3a6.exe
2⤵
PID:5136

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00469aa5-951f-11ec-b8cd-d2b2bc1ba3a6.exe
2⤵
PID:5144

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0003286f-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000216df-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5164

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00475cef-951f-11ec-b8cd-d2b2bc1ba3a6.exe
2⤵
PID:5176

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00478429-951f-11ec-b8cd-d2b2bc1ba3a6.exe
2⤵
PID:5184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0006d1c6-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5456

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00034fb9-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5464

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0047f969-951f-11ec-b8cd-d2b2bc1ba3a6.exe
2⤵
PID:5472

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0047f969-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5488

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004895bd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5496

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00102079-951f-11ec-b789-d2b2bc1ba3a6.exe
2⤵
PID:5524

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0006f85d-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5536

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000796e4-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5544

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004a1cec-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000ac99d-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5560

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000c29fd-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5568

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5584

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004adf51-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5664

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004bf148-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5680

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004c8ca5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00102079-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:5696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004dc580-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5704

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00135447-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:5712

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004e88fd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5720

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004ed718-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5728

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004f7c78-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5736

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00500f4a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5744

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005085b0-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5752

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0012429b-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:5760

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000e7201-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:5768

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00141a81-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:5776

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0056c5f5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5792

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0015c4cd-951f-11ec-b78b-d2b2bc1ba3a6.exe
2⤵
PID:5856

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0057fe79-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00584cff-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5900

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001aa7da-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:5912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00587502-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5920

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0058c249-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0058e873-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:5944

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0058e873-951f-11ec-b8cf-d2b2bc1ba3a6.exe
2⤵
PID:5952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001af5f4-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:5960

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059367b-951f-11ec-b8cf-d2b2bc1ba3a6.exe
2⤵
PID:5968

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00595de8-951f-11ec-b8cf-d2b2bc1ba3a6.exe
2⤵
PID:5976

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00598596-951f-11ec-b8cf-d2b2bc1ba3a6.exe
2⤵
PID:5984

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059ab95-951f-11ec-b8cf-d2b2bc1ba3a6.exe
2⤵
PID:5992

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059d366-951f-11ec-b8cf-d2b2bc1ba3a6.exe
2⤵
PID:6000

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059d366-951f-11ec-b8d0-d2b2bc1ba3a6.exe
2⤵
PID:6008

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0059fa3e-951f-11ec-b8d0-d2b2bc1ba3a6.exe
2⤵
PID:6020

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005a2169-951f-11ec-b8d0-d2b2bc1ba3a6.exe
2⤵
PID:6032

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005a2169-951f-11ec-b8d1-d2b2bc1ba3a6.exe
2⤵
PID:6040

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001e5137-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:6056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005a4909-951f-11ec-b8d1-d2b2bc1ba3a6.exe
2⤵
PID:6084

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001cf2ae-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:6096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005abdb7-951f-11ec-b8d1-d2b2bc1ba3a6.exe
2⤵
PID:6104

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b0b0d-951f-11ec-b8d1-d2b2bc1ba3a6.exe
2⤵
PID:6120

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0024e101-951f-11ec-b78d-d2b2bc1ba3a6.exe
2⤵
PID:4216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b3229-951f-11ec-b8d1-d2b2bc1ba3a6.exe
2⤵
PID:4488

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b3229-951f-11ec-b8d2-d2b2bc1ba3a6.exe
2⤵
PID:3672

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b58f7-951f-11ec-b8d2-d2b2bc1ba3a6.exe
2⤵
PID:1900

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe
2⤵
PID:824

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001a3278-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:2520

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005ba779-951f-11ec-b8d2-d2b2bc1ba3a6.exe
2⤵
PID:652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005bce5b-951f-11ec-b8d2-d2b2bc1ba3a6.exe
2⤵
PID:948

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005bce5b-951f-11ec-b8d3-d2b2bc1ba3a6.exe
2⤵
PID:2880

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005bf885-951f-11ec-b8d3-d2b2bc1ba3a6.exe
2⤵
PID:2624

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0023cf6c-951f-11ec-b78d-d2b2bc1ba3a6.exe
2⤵
PID:3864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c1ca4-951f-11ec-b8d3-d2b2bc1ba3a6.exe
2⤵
PID:1036

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c6afc-951f-11ec-b8d3-d2b2bc1ba3a6.exe
2⤵
PID:1372

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00734f06-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:1852

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:4528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00739ce3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:1088

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0073c3f8-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:1776

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0073eb44-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:3504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe fff45c43-951e-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:1528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002ad475-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:1196

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0021ac7e-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:5172

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:5160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00361e85-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:5208

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003670eb-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:5196

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00381af8-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:5212

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0037f319-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:5204

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003c38f8-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:5236

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00395564-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:5228

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002a3839-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:5224

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003115c5-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:5248

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:5268

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00436559-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:5276

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0079427c-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:5288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007c770f-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:1028

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007e24e7-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:5164

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007daffc-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:5512

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007e7267-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:5504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e1-d2b2bc1ba3a6.exe
2⤵
PID:5532

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e0-d2b2bc1ba3a6.exe
2⤵
PID:5520

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e4-d2b2bc1ba3a6.exe
2⤵
PID:5580

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007ec169-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:5480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e3-d2b2bc1ba3a6.exe
2⤵
PID:5600

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e5-d2b2bc1ba3a6.exe
2⤵
PID:5616

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f5-d2b2bc1ba3a6.exe
2⤵
PID:5608

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f6-d2b2bc1ba3a6.exe
2⤵
PID:5488

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0042f069-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:5636

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fd-d2b2bc1ba3a6.exe
2⤵
PID:5632

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ff-d2b2bc1ba3a6.exe
2⤵
PID:5628

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b802-d2b2bc1ba3a6.exe
2⤵
PID:5552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80a-d2b2bc1ba3a6.exe
2⤵
PID:5564

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b799-d2b2bc1ba3a6.exe
2⤵
PID:5652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80c-d2b2bc1ba3a6.exe
2⤵
PID:5656

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80d-d2b2bc1ba3a6.exe
2⤵
PID:3484

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79b-d2b2bc1ba3a6.exe
2⤵
PID:6160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80e-d2b2bc1ba3a6.exe
2⤵
PID:6168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80f-d2b2bc1ba3a6.exe
2⤵
PID:6176

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b814-d2b2bc1ba3a6.exe
2⤵
PID:6184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b815-d2b2bc1ba3a6.exe
2⤵
PID:6208

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b817-d2b2bc1ba3a6.exe
2⤵
PID:6200

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b816-d2b2bc1ba3a6.exe
2⤵
PID:6232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b818-d2b2bc1ba3a6.exe
2⤵
PID:6240

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a7-d2b2bc1ba3a6.exe
2⤵
PID:6264

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a8-d2b2bc1ba3a6.exe
2⤵
PID:6272

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81a-d2b2bc1ba3a6.exe
2⤵
PID:6280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81c-d2b2bc1ba3a6.exe
2⤵
PID:6288

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a9-d2b2bc1ba3a6.exe
2⤵
PID:6296

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81e-d2b2bc1ba3a6.exe
2⤵
PID:6304

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b821-d2b2bc1ba3a6.exe
2⤵
PID:6312

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b0-d2b2bc1ba3a6.exe
2⤵
PID:6320

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b822-d2b2bc1ba3a6.exe
2⤵
PID:6328

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b1-d2b2bc1ba3a6.exe
2⤵
PID:6336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b2-d2b2bc1ba3a6.exe
2⤵
PID:6344

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b3-d2b2bc1ba3a6.exe
2⤵
PID:6356

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b826-d2b2bc1ba3a6.exe
2⤵
PID:6376

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b827-d2b2bc1ba3a6.exe
2⤵
PID:6384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82a-d2b2bc1ba3a6.exe
2⤵
PID:6392

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ba-d2b2bc1ba3a6.exe
2⤵
PID:6400

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b9-d2b2bc1ba3a6.exe
2⤵
PID:6408

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bb-d2b2bc1ba3a6.exe
2⤵
PID:6416

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82c-d2b2bc1ba3a6.exe
2⤵
PID:6424

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82d-d2b2bc1ba3a6.exe
2⤵
PID:6436

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000e7201-951f-11ec-b789-d2b2bc1ba3a6.exe
2⤵
PID:6448

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00172541-951f-11ec-b78b-d2b2bc1ba3a6.exe
2⤵
PID:6464

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82e-d2b2bc1ba3a6.exe
2⤵
PID:6480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7be-d2b2bc1ba3a6.exe
2⤵
PID:6504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b830-d2b2bc1ba3a6.exe
2⤵
PID:6512

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c0-d2b2bc1ba3a6.exe
2⤵
PID:6532

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b833-d2b2bc1ba3a6.exe
2⤵
PID:6552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b834-d2b2bc1ba3a6.exe
2⤵
PID:6560

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0014b442-951f-11ec-b78b-d2b2bc1ba3a6.exe
2⤵
PID:6568

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:6576

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ce-d2b2bc1ba3a6.exe
2⤵
PID:6584

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d1-d2b2bc1ba3a6.exe
2⤵
PID:6592

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83c-d2b2bc1ba3a6.exe
2⤵
PID:6600

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d5-d2b2bc1ba3a6.exe
2⤵
PID:6608

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe
2⤵
PID:6620

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d6-d2b2bc1ba3a6.exe
2⤵
PID:6632

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d8-d2b2bc1ba3a6.exe
2⤵
PID:6640

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d9-d2b2bc1ba3a6.exe
2⤵
PID:6648

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7da-d2b2bc1ba3a6.exe
2⤵
PID:6656

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7db-d2b2bc1ba3a6.exe
2⤵
PID:6664

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7de-d2b2bc1ba3a6.exe
2⤵
PID:6672

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7dd-d2b2bc1ba3a6.exe
2⤵
PID:6680

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00233371-951f-11ec-b78d-d2b2bc1ba3a6.exe
2⤵
PID:6688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b865-d2b2bc1ba3a6.exe
2⤵
PID:6696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0025cb18-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:6712

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:6732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00536b8a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:6752

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033d542-951f-11ec-b790-d2b2bc1ba3a6.exe
2⤵
PID:6788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0053e137-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:6816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00350e2f-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:6832

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b805-d2b2bc1ba3a6.exe
2⤵
PID:6848

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b842-d2b2bc1ba3a6.exe
2⤵
PID:6868

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0030efb2-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:6880

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86a-d2b2bc1ba3a6.exe
2⤵
PID:6896

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b843-d2b2bc1ba3a6.exe
2⤵
PID:6912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86b-d2b2bc1ba3a6.exe
2⤵
PID:6932

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000dd73b-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:6944

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0008f581-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:6952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00347197-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:6992

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86c-d2b2bc1ba3a6.exe
2⤵
PID:6968

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004b0688-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:7016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004c17b3-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
00068672-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat
2⤵
- Executes dropped EXE
PID:7048

C:\Users\Admin\AppData\Local\Temp\fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi
2⤵
- Executes dropped EXE
PID:7068

C:\Users\Admin\AppData\Local\Temp\ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\vcredist2010_x86.log.html
2⤵
- Executes dropped EXE
PID:7188

C:\Users\Admin\AppData\Local\Temp\fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml
2⤵
- Executes dropped EXE
PID:7252

C:\Users\Admin\AppData\Local\Temp\0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml
2⤵
- Executes dropped EXE
PID:7268

C:\Users\Admin\AppData\Local\Temp\fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab
2⤵
- Executes dropped EXE
PID:7292

C:\Users\Admin\AppData\Local\Temp\fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
2⤵
- Executes dropped EXE
PID:7300

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0054f233-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png
2⤵
- Executes dropped EXE
PID:7340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b797-d2b2bc1ba3a6.exe
2⤵
PID:7384

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b798-d2b2bc1ba3a6.exe
2⤵
PID:7424

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82b-d2b2bc1ba3a6.exe
2⤵
PID:7504

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002d1e4a-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:7552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b831-d2b2bc1ba3a6.exe
2⤵
PID:7540

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00397b3b-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:7532

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0014b442-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:7524

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b828-d2b2bc1ba3a6.exe
2⤵
PID:7488

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:7476

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b810-d2b2bc1ba3a6.exe
2⤵
PID:7444

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003d7205-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:7756

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003beb41-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:7780

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002c0ce5-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:7804

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b846-d2b2bc1ba3a6.exe
2⤵
PID:7812

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b849-d2b2bc1ba3a6.exe
2⤵
PID:7844

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84a-d2b2bc1ba3a6.exe
2⤵
PID:7856

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84c-d2b2bc1ba3a6.exe
2⤵
PID:7864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b848-d2b2bc1ba3a6.exe
2⤵
PID:7836

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d4-d2b2bc1ba3a6.exe
2⤵
PID:7872

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b847-d2b2bc1ba3a6.exe
2⤵
PID:7824

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b852-d2b2bc1ba3a6.exe
2⤵
PID:7892

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b850-d2b2bc1ba3a6.exe
2⤵
PID:7924

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b837-d2b2bc1ba3a6.exe
2⤵
PID:7964

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83e-d2b2bc1ba3a6.exe
2⤵
PID:8016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d7-d2b2bc1ba3a6.exe
2⤵
PID:7988

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00054ab0-951f-11ec-b788-d2b2bc1ba3a6.exe
2⤵
PID:8092

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000f5e30-951f-11ec-b789-d2b2bc1ba3a6.exe
2⤵
PID:8100

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b875-d2b2bc1ba3a6.exe
2⤵
PID:7980

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002ea4fc-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:8160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83f-d2b2bc1ba3a6.exe
2⤵
PID:7940

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b851-d2b2bc1ba3a6.exe
2⤵
PID:7944

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b855-d2b2bc1ba3a6.exe
2⤵
PID:8200

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b856-d2b2bc1ba3a6.exe
2⤵
PID:8280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b858-d2b2bc1ba3a6.exe
2⤵
PID:8300

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b859-d2b2bc1ba3a6.exe
2⤵
PID:8316

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007cec2e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007d6165-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8356

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 005c43ea-951f-11ec-b8d3-d2b2bc1ba3a6.exe
2⤵
PID:8404

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83a-d2b2bc1ba3a6.exe
2⤵
PID:8392

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007d129e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8380

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00743944-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8428

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85d-d2b2bc1ba3a6.exe
2⤵
PID:8444

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e9-d2b2bc1ba3a6.exe
2⤵
PID:8420

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85e-d2b2bc1ba3a6.exe
2⤵
PID:8460

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87b-d2b2bc1ba3a6.exe
2⤵
PID:8468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87e-d2b2bc1ba3a6.exe
2⤵
PID:8476

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cc-d2b2bc1ba3a6.exe
2⤵
PID:8492

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b881-d2b2bc1ba3a6.exe
2⤵
PID:8500

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00342331-951f-11ec-b790-d2b2bc1ba3a6.exe
2⤵
PID:8508

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0051e5e9-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:8516

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b882-d2b2bc1ba3a6.exe
2⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Default\AppData\Local\Application Data"
2⤵
- Executes dropped EXE
PID:8580

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00420529-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:8560

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b860-d2b2bc1ba3a6.exe
2⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Admin\Start Menu"
2⤵
- Executes dropped EXE
PID:8704

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7dc-d2b2bc1ba3a6.exe
2⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab"
2⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Admin\SendTo
2⤵
- Executes dropped EXE
PID:8756

C:\Users\Admin\AppData\Local\Temp\006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe
006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\All Users"
2⤵
PID:8772

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b794-d2b2bc1ba3a6.exe
2⤵
PID:8784

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f1-d2b2bc1ba3a6.exe
2⤵
PID:8792

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f2-d2b2bc1ba3a6.exe
2⤵
PID:8800

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b800-d2b2bc1ba3a6.exe
2⤵
PID:8808

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ea-d2b2bc1ba3a6.exe
2⤵
PID:8816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002d45f9-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:8824

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0076ab68-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8832

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 001ccaff-951f-11ec-b78c-d2b2bc1ba3a6.exe
2⤵
PID:8840

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b866-d2b2bc1ba3a6.exe
2⤵
PID:8848

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b803-d2b2bc1ba3a6.exe
2⤵
PID:8856

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b809-d2b2bc1ba3a6.exe
2⤵
PID:8864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0035d0ce-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:8872

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b824-d2b2bc1ba3a6.exe
2⤵
PID:8880

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007c2a16-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8888

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00342331-951f-11ec-b791-d2b2bc1ba3a6.exe
2⤵
PID:8896

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b854-d2b2bc1ba3a6.exe
2⤵
PID:8904

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b857-d2b2bc1ba3a6.exe
2⤵
PID:8912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88b-d2b2bc1ba3a6.exe
2⤵
PID:8920

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88c-d2b2bc1ba3a6.exe
2⤵
PID:8928

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00433e68-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:8936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ee-d2b2bc1ba3a6.exe
2⤵
PID:8944

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b80b-d2b2bc1ba3a6.exe
2⤵
PID:8952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f8-d2b2bc1ba3a6.exe
2⤵
PID:8960

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00752df3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8968

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007aa2f9-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8976

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00132dae-951f-11ec-b78a-d2b2bc1ba3a6.exe
2⤵
PID:8984

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b868-d2b2bc1ba3a6.exe
2⤵
PID:8992

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e6-d2b2bc1ba3a6.exe
2⤵
PID:9000

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003c62d5-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:9008

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b864-d2b2bc1ba3a6.exe
2⤵
PID:9016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ad-d2b2bc1ba3a6.exe
2⤵
PID:9024

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fc-d2b2bc1ba3a6.exe
2⤵
PID:9032

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007a05a5-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:9040

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007b6552-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:9048

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f3-d2b2bc1ba3a6.exe
2⤵
PID:9056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b804-d2b2bc1ba3a6.exe
2⤵
PID:9064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b7-d2b2bc1ba3a6.exe
2⤵
PID:9072

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b885-d2b2bc1ba3a6.exe
2⤵
PID:9080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b83b-d2b2bc1ba3a6.exe
2⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Admin\PrintHood
2⤵
- Executes dropped EXE
PID:9096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c5-d2b2bc1ba3a6.exe
2⤵
PID:9116

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b795-d2b2bc1ba3a6.exe
2⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Admin\Recent
2⤵
- Executes dropped EXE
PID:9152

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b886-d2b2bc1ba3a6.exe
2⤵
PID:9144

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b806-d2b2bc1ba3a6.exe
2⤵
PID:9184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b807-d2b2bc1ba3a6.exe
2⤵
PID:9192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c2-d2b2bc1ba3a6.exe
2⤵
PID:9212

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0015edcd-951f-11ec-b78b-d2b2bc1ba3a6.exe
2⤵
PID:9204

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86e-d2b2bc1ba3a6.exe
2⤵
PID:1844

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0054a49b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:8324

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00355d76-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:7788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0030794d-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:2632

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b870-d2b2bc1ba3a6.exe
2⤵
PID:7796

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004cb3cf-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:1220

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86f-d2b2bc1ba3a6.exe
2⤵
PID:7800

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0036bc5c-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:7920

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b893-d2b2bc1ba3a6.exe
2⤵
PID:4060

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b891-d2b2bc1ba3a6.exe
2⤵
PID:2920

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fe-d2b2bc1ba3a6.exe
2⤵
PID:7652

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fa-d2b2bc1ba3a6.exe
2⤵
PID:7648

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7fb-d2b2bc1ba3a6.exe
2⤵
PID:7688

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00553fc7-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:7936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 000f3661-951f-11ec-b789-d2b2bc1ba3a6.exe
2⤵
PID:7908

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79c-d2b2bc1ba3a6.exe
2⤵
PID:7880

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b897-d2b2bc1ba3a6.exe
2⤵
PID:7192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00760ed2-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:7952

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ab-d2b2bc1ba3a6.exe
2⤵
PID:8028

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00558d9b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:8076

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89c-d2b2bc1ba3a6.exe
2⤵
PID:7340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89a-d2b2bc1ba3a6.exe
2⤵
PID:7912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b899-d2b2bc1ba3a6.exe
2⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b791-d2b2bc1ba3a6.exe
00347197-951f-11ec-b791-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png"
2⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies-journal
2⤵
- Executes dropped EXE
PID:7280

C:\Users\Admin\AppData\Local\Temp\00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe
00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml"
2⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\tinytile.png
2⤵
- Executes dropped EXE
PID:5692

C:\Users\Admin\AppData\Local\Temp\0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe
0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\CURRENT"
2⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
2⤵
- Executes dropped EXE
PID:5852

C:\Users\Admin\AppData\Local\Temp\00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
2⤵
- Executes dropped EXE
PID:9296

C:\Users\Admin\AppData\Local\Temp\002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe
002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB0D848F74F70BB2EAA93746D24D9749
2⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe
0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png"
2⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml
2⤵
- Executes dropped EXE
PID:9768

C:\Users\Admin\AppData\Local\Temp\0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
2⤵
- Executes dropped EXE
PID:5780

C:\Users\Admin\AppData\Local\Temp\002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2⤵
- Executes dropped EXE
PID:9976

C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe
0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml
2⤵
- Executes dropped EXE
PID:10000

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00344b64-951f-11ec-b791-d2b2bc1ba3a6.exe
2⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml
2⤵
- Executes dropped EXE
PID:10100

C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml
2⤵
- Executes dropped EXE
PID:10112

C:\Users\Admin\AppData\Local\Temp\001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml
2⤵
- Executes dropped EXE
PID:10124

C:\Users\Admin\AppData\Local\Temp\fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe "C:\\ProgramData\Application Data"
2⤵
- Executes dropped EXE
PID:10136

C:\Users\Admin\AppData\Local\Temp\001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe
001b91f7-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3
2⤵
- Executes dropped EXE
PID:10172

C:\Users\Admin\AppData\Local\Temp\0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe
0036e29e-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\DebugConvertTo.pub
2⤵
- Executes dropped EXE
PID:6132

C:\Users\Admin\AppData\Local\Temp\fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe
fff6f742-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png
2⤵
- Executes dropped EXE
PID:4952

C:\Users\Admin\AppData\Local\Temp\000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe
000105a8-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat
2⤵
- Executes dropped EXE
PID:4468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79e-d2b2bc1ba3a6.exe
2⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe
001d3f9f-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOCK
2⤵
- Executes dropped EXE
PID:5988

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89f-d2b2bc1ba3a6.exe
2⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\00215e6c-951f-11ec-b78c-d2b2bc1ba3a6.exe
00215e6c-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies
2⤵
PID:1352

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a0-d2b2bc1ba3a6.exe
2⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\00230bca-951f-11ec-b78d-d2b2bc1ba3a6.exe
00230bca-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml
2⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe
001fb257-951f-11ec-b78c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links"
2⤵
- Executes dropped EXE
PID:3736

C:\Users\Admin\AppData\Local\Temp\003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe
003a3d7c-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
2⤵
- Executes dropped EXE
PID:2524

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d2-d2b2bc1ba3a6.exe
2⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b862-d2b2bc1ba3a6.exe
00462471-951f-11ec-b862-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT"
2⤵
- Executes dropped EXE
PID:5900

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b839-d2b2bc1ba3a6.exe
00462471-951f-11ec-b839-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK"
2⤵
- Executes dropped EXE
PID:2904

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bd-d2b2bc1ba3a6.exe
2⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe
002a5f47-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml
2⤵
- Executes dropped EXE
PID:5148

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ac-d2b2bc1ba3a6.exe
2⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe
001ddc52-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml
2⤵
- Executes dropped EXE
PID:8740

C:\Users\Admin\AppData\Local\Temp\003a166a-951f-11ec-b792-d2b2bc1ba3a6.exe
003a166a-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ja-JP\resource.xml"
2⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78b-d2b2bc1ba3a6.exe
00180fb6-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0
2⤵
PID:5680

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a5-d2b2bc1ba3a6.exe
2⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe
001fd7bf-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml
2⤵
- Executes dropped EXE
PID:1864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a9-d2b2bc1ba3a6.exe
2⤵
PID:6256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a8-d2b2bc1ba3a6.exe
2⤵
PID:1096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8aa-d2b2bc1ba3a6.exe
2⤵
PID:1732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88f-d2b2bc1ba3a6.exe
2⤵
PID:3336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ac-d2b2bc1ba3a6.exe
2⤵
PID:6432

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b844-d2b2bc1ba3a6.exe
2⤵
PID:1716

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ae-d2b2bc1ba3a6.exe
2⤵
PID:6216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b0-d2b2bc1ba3a6.exe
2⤵
PID:6192

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a5-d2b2bc1ba3a6.exe
2⤵
PID:5500

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b819-d2b2bc1ba3a6.exe
2⤵
PID:640

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a1-d2b2bc1ba3a6.exe
2⤵
PID:5284

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a6-d2b2bc1ba3a6.exe
2⤵
PID:6352

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0038b6cc-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:2064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0039efb6-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:6456

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b3-d2b2bc1ba3a6.exe
2⤵
PID:1088

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bf-d2b2bc1ba3a6.exe
2⤵
PID:3136

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b869-d2b2bc1ba3a6.exe
2⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe
003e0f02-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1346565761-3498240568-4147300184-1000\Preferred
2⤵
- Executes dropped EXE
PID:5156

C:\Users\Admin\AppData\Local\Temp\004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe
004512e6-951f-11ec-b794-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\AlternateServices.txt
2⤵
- Executes dropped EXE
PID:5208

C:\Users\Admin\AppData\Local\Temp\003b9cdc-951f-11ec-b792-d2b2bc1ba3a6.exe
003b9cdc-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico"
2⤵
PID:3864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b812-d2b2bc1ba3a6.exe
2⤵
PID:5212

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81f-d2b2bc1ba3a6.exe
2⤵
PID:5168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b814-d2b2bc1ba3a6.exe
2⤵
PID:9500

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a6-d2b2bc1ba3a6.exe
2⤵
- Executes dropped EXE
PID:8772

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a0-d2b2bc1ba3a6.exe
2⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\000216df-951f-11ec-b788-d2b2bc1ba3a6.exe
000216df-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
2⤵
- Executes dropped EXE
PID:5788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c1-d2b2bc1ba3a6.exe
2⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe
002f6945-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2⤵
- Executes dropped EXE
PID:9796

C:\Users\Admin\AppData\Local\Temp\ffff092a-951e-11ec-b788-d2b2bc1ba3a6.exe
ffff092a-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml
2⤵
PID:9788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ab-d2b2bc1ba3a6.exe
2⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe
fff9d9c9-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\tinytile.png
2⤵
- Executes dropped EXE
PID:9636

C:\Users\Admin\AppData\Local\Temp\006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe
006f3087-951f-11ec-b8d4-d2b2bc1ba3a6.exe C:\\Users\Default\AppData\Local\History
2⤵
- Executes dropped EXE
PID:7232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b5-d2b2bc1ba3a6.exe
2⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe
0038df17-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user.png"
2⤵
- Executes dropped EXE
PID:9860

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d3-d2b2bc1ba3a6.exe
2⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe
0012b832-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml
2⤵
- Executes dropped EXE
PID:7204

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b845-d2b2bc1ba3a6.exe
2⤵
PID:7624

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b7-d2b2bc1ba3a6.exe
2⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\004560fc-951f-11ec-b794-d2b2bc1ba3a6.exe
004560fc-951f-11ec-b794-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\de-DE\resource.xml"
2⤵
PID:6972

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b8-d2b2bc1ba3a6.exe
2⤵
PID:6684

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b4-d2b2bc1ba3a6.exe
2⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe
fffa9d49-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Desktop
2⤵
- Executes dropped EXE
PID:6780

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7af-d2b2bc1ba3a6.exe
2⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe
00453a69-951f-11ec-b794-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\SecurityPreloadState.txt
2⤵
- Executes dropped EXE
PID:9696

C:\Users\Admin\AppData\Local\Temp\00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe
00449d80-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20200403170909"
2⤵
- Executes dropped EXE
PID:6212

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7eb-d2b2bc1ba3a6.exe
2⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7cb-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user-32.png"
2⤵
- Executes dropped EXE
PID:5484

C:\Users\Admin\AppData\Local\Temp\003b0128-951f-11ec-b792-d2b2bc1ba3a6.exe
003b0128-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
2⤵
PID:7036

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b5-d2b2bc1ba3a6.exe
2⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\0046731d-951f-11ec-b8cd-d2b2bc1ba3a6.exe
0046731d-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\pkcs11.txt
2⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\0045af0b-951f-11ec-b794-d2b2bc1ba3a6.exe
0045af0b-951f-11ec-b794-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\SiteSecurityServiceState.txt
2⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b836-d2b2bc1ba3a6.exe
00462471-951f-11ec-b836-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal"
2⤵
PID:6340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b829-d2b2bc1ba3a6.exe
2⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\fffaea62-951e-11ec-b788-d2b2bc1ba3a6.exe
fffaea62-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Documents
2⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\00469aa5-951f-11ec-b8cd-d2b2bc1ba3a6.exe
00469aa5-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1pj39gsm.default-release\pluginreg.dat
2⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\00478429-951f-11ec-b8cd-d2b2bc1ba3a6.exe
00478429-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\ReadInitialize.css
2⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\0003286f-951f-11ec-b788-d2b2bc1ba3a6.exe
0003286f-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat
2⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c7-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c7-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\Admin.dat"
2⤵
PID:7064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b872-d2b2bc1ba3a6.exe
2⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\fffac43d-951e-11ec-b788-d2b2bc1ba3a6.exe
fffac43d-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png
2⤵
PID:7436

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bc-d2b2bc1ba3a6.exe
2⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\00475cef-951f-11ec-b8cd-d2b2bc1ba3a6.exe
00475cef-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\PopAssert.ico
2⤵
PID:6540

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bd-d2b2bc1ba3a6.exe
2⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\00422d43-951f-11ec-b793-d2b2bc1ba3a6.exe
00422d43-951f-11ec-b793-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl
2⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\004512e6-951f-11ec-b793-d2b2bc1ba3a6.exe
004512e6-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico"
2⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\0006d1c6-951f-11ec-b788-d2b2bc1ba3a6.exe
0006d1c6-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\en-us.16\MasterDescriptor.en-us.xml
2⤵
PID:6980

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ed-d2b2bc1ba3a6.exe
2⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\00419180-951f-11ec-b793-d2b2bc1ba3a6.exe
00419180-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico"
2⤵
PID:5884

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87a-d2b2bc1ba3a6.exe
2⤵
PID:7604

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b82f-d2b2bc1ba3a6.exe
2⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\0047f969-951f-11ec-b8cd-d2b2bc1ba3a6.exe
0047f969-951f-11ec-b8cd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\ReceiveStep.bmp
2⤵
PID:7184

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033d542-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\0006f85d-951f-11ec-b788-d2b2bc1ba3a6.exe
0006f85d-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\en-us.16\stream.x64.en-us.man.dat
2⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\00034fb9-951f-11ec-b788-d2b2bc1ba3a6.exe
00034fb9-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml
2⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\000ac99d-951f-11ec-b788-d2b2bc1ba3a6.exe
000ac99d-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat
2⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\0047f969-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0047f969-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\RequestRestore.cfg
2⤵
PID:7356

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c3-d2b2bc1ba3a6.exe
2⤵
PID:6544

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b892-d2b2bc1ba3a6.exe
2⤵
PID:7596

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b796-d2b2bc1ba3a6.exe
2⤵
PID:7484

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b8-d2b2bc1ba3a6.exe
2⤵
PID:7088

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b835-d2b2bc1ba3a6.exe
2⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\004895bd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004895bd-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\RevokeStep.dot
2⤵
PID:6616

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ae-d2b2bc1ba3a6.exe
2⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\000c29fd-951f-11ec-b788-d2b2bc1ba3a6.exe
000c29fd-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\x-none.16\MasterDescriptor.x-none.xml
2⤵
PID:7440

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b832-d2b2bc1ba3a6.exe
2⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\000796e4-951f-11ec-b788-d2b2bc1ba3a6.exe
000796e4-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\settings.dat
2⤵
PID:7728

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c5-d2b2bc1ba3a6.exe
2⤵
PID:6936

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002ef299-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe
00087f5a-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\mergedVirtualRegistry.dat
2⤵
- Executes dropped EXE
PID:5756

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c6-d2b2bc1ba3a6.exe
2⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\004a1cec-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004a1cec-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\StartComplete.png
2⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\00102079-951f-11ec-b789-d2b2bc1ba3a6.exe
00102079-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml
2⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe
000d88b6-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
2⤵
- Suspicious behavior: RenamesItself
PID:6232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c4-d2b2bc1ba3a6.exe
2⤵
PID:9972

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b877-d2b2bc1ba3a6.exe
2⤵
PID:6732

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c8-d2b2bc1ba3a6.exe
2⤵
PID:6336

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ca-d2b2bc1ba3a6.exe
2⤵
PID:6264

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e7-d2b2bc1ba3a6.exe
2⤵
PID:6608

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b878-d2b2bc1ba3a6.exe
2⤵
PID:6168

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87f-d2b2bc1ba3a6.exe
2⤵
PID:5552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003e0f02-951f-11ec-b793-d2b2bc1ba3a6.exe
2⤵
PID:6176

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b853-d2b2bc1ba3a6.exe
2⤵
- Executes dropped EXE
PID:9240

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8cd-d2b2bc1ba3a6.exe
2⤵
PID:6680

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89b-d2b2bc1ba3a6.exe
2⤵
PID:6816

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7b6-d2b2bc1ba3a6.exe
2⤵
PID:6344

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7aa-d2b2bc1ba3a6.exe
2⤵
PID:6296

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ec-d2b2bc1ba3a6.exe
2⤵
PID:6576

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c1-d2b2bc1ba3a6.exe
2⤵
PID:6632

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b838-d2b2bc1ba3a6.exe
2⤵
PID:6280

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b879-d2b2bc1ba3a6.exe
2⤵
PID:6436

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 002bbe61-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
PID:5580

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 004a9224-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:8656

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ca-d2b2bc1ba3a6.exe
2⤵
PID:5656

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b874-d2b2bc1ba3a6.exe
2⤵
PID:6956

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b898-d2b2bc1ba3a6.exe
2⤵
PID:8048

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c9-d2b2bc1ba3a6.exe
2⤵
PID:8112

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0055189e-951f-11ec-b8ce-d2b2bc1ba3a6.exe
2⤵
PID:7428

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b861-d2b2bc1ba3a6.exe
2⤵
PID:8056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033383d-951f-11ec-b78f-d2b2bc1ba3a6.exe
2⤵
PID:7984

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b873-d2b2bc1ba3a6.exe
2⤵
PID:7308

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87c-d2b2bc1ba3a6.exe
2⤵
PID:5728

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b87d-d2b2bc1ba3a6.exe
2⤵
PID:5828

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b813-d2b2bc1ba3a6.exe
2⤵
PID:9620

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79a-d2b2bc1ba3a6.exe
2⤵
PID:9480

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b811-d2b2bc1ba3a6.exe
2⤵
PID:5848

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81b-d2b2bc1ba3a6.exe
2⤵
PID:9912

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b884-d2b2bc1ba3a6.exe
2⤵
PID:9864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a4-d2b2bc1ba3a6.exe
2⤵
PID:8260

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a2-d2b2bc1ba3a6.exe
2⤵
PID:7992

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a7-d2b2bc1ba3a6.exe
2⤵
PID:8128

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b820-d2b2bc1ba3a6.exe
2⤵
PID:8116

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b876-d2b2bc1ba3a6.exe
2⤵
PID:8156

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c9-d2b2bc1ba3a6.exe
2⤵
PID:8364

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007bdae1-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8228

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7d0-d2b2bc1ba3a6.exe
2⤵
PID:7840

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84d-d2b2bc1ba3a6.exe
2⤵
PID:8216

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84b-d2b2bc1ba3a6.exe
2⤵
PID:8264

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79f-d2b2bc1ba3a6.exe
2⤵
PID:7528

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b871-d2b2bc1ba3a6.exe
2⤵
PID:7544

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8be-d2b2bc1ba3a6.exe
2⤵
PID:8148

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b863-d2b2bc1ba3a6.exe
2⤵
PID:8232

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7bc-d2b2bc1ba3a6.exe
2⤵
PID:8244

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b79d-d2b2bc1ba3a6.exe
2⤵
PID:8224

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b823-d2b2bc1ba3a6.exe
2⤵
PID:8388

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c0-d2b2bc1ba3a6.exe
2⤵
PID:8096

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b825-d2b2bc1ba3a6.exe
2⤵
PID:7784

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ad-d2b2bc1ba3a6.exe
2⤵
PID:10056

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cf-d2b2bc1ba3a6.exe
2⤵
PID:10064

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0030794d-951f-11ec-b78e-d2b2bc1ba3a6.exe
2⤵
- Executes dropped EXE
PID:9992

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7cd-d2b2bc1ba3a6.exe
2⤵
PID:8016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85b-d2b2bc1ba3a6.exe
2⤵
PID:10076

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85a-d2b2bc1ba3a6.exe
2⤵
PID:10084

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b867-d2b2bc1ba3a6.exe
2⤵
PID:8160

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c2-d2b2bc1ba3a6.exe
2⤵
PID:7836

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a3-d2b2bc1ba3a6.exe
2⤵
PID:7964

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b841-d2b2bc1ba3a6.exe
2⤵
PID:7756

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7c8-d2b2bc1ba3a6.exe
2⤵
PID:10040

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b888-d2b2bc1ba3a6.exe
2⤵
PID:10032

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 003645c9-951f-11ec-b792-d2b2bc1ba3a6.exe
2⤵
PID:7812

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 007683f4-951f-11ec-b8d5-d2b2bc1ba3a6.exe
2⤵
PID:8456

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0033fe6a-951f-11ec-b790-d2b2bc1ba3a6.exe
2⤵
PID:8696

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00687968-951f-11ec-b8d4-d2b2bc1ba3a6.exe
2⤵
PID:8536

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e2-d2b2bc1ba3a6.exe
2⤵
PID:8664

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b86d-d2b2bc1ba3a6.exe
2⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\004adf51-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004adf51-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\UnregisterUnlock.png
2⤵
PID:8568

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b880-d2b2bc1ba3a6.exe
2⤵
PID:8488

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7ef-d2b2bc1ba3a6.exe
2⤵
PID:8552

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8cc-d2b2bc1ba3a6.exe
2⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\00102079-951f-11ec-b78a-d2b2bc1ba3a6.exe
00102079-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistMSI115A.txt
2⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\004bf148-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004bf148-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Cookies
2⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\00135447-951f-11ec-b78a-d2b2bc1ba3a6.exe
00135447-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml
2⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\004e88fd-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004e88fd-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\ProtectEdit.txt
2⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\004dc580-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004dc580-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\MountFormat.avi
2⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\004c8ca5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004c8ca5-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\ExitSet.xps
2⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\004f7c78-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004f7c78-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\Are.docx
2⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\004ed718-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004ed718-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\RemoveInvoke.zip
2⤵
PID:7940

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f0-d2b2bc1ba3a6.exe
2⤵
PID:9112

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b883-d2b2bc1ba3a6.exe
2⤵
PID:8356

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f7-d2b2bc1ba3a6.exe
2⤵
PID:8492

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a3-d2b2bc1ba3a6.exe
2⤵
PID:8316

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b887-d2b2bc1ba3a6.exe
2⤵
PID:8460

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b801-d2b2bc1ba3a6.exe
2⤵
PID:9512

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bb-d2b2bc1ba3a6.exe
2⤵
PID:9148

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f9-d2b2bc1ba3a6.exe
2⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\00141a81-951f-11ec-b78a-d2b2bc1ba3a6.exe
00141a81-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\jawshtml.html
2⤵
PID:9580

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88d-d2b2bc1ba3a6.exe
2⤵
PID:9044

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7e8-d2b2bc1ba3a6.exe
2⤵
PID:9404

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b9-d2b2bc1ba3a6.exe
2⤵
PID:8924

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88a-d2b2bc1ba3a6.exe
2⤵
PID:8892

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84e-d2b2bc1ba3a6.exe
2⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\005085b0-951f-11ec-b8ce-d2b2bc1ba3a6.exe
005085b0-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\Files.docx
2⤵
PID:8884

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b895-d2b2bc1ba3a6.exe
2⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\00500f4a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00500f4a-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\ExitInitialize.doc
2⤵
PID:8024

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89d-d2b2bc1ba3a6.exe
2⤵
PID:5704

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b88e-d2b2bc1ba3a6.exe
2⤵
PID:9544

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b889-d2b2bc1ba3a6.exe
2⤵
PID:9340

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7f4-d2b2bc1ba3a6.exe
2⤵
PID:5876

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b840-d2b2bc1ba3a6.exe
2⤵
PID:8836

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b894-d2b2bc1ba3a6.exe
2⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\0058e873-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0058e873-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ConfirmUndo.dll
2⤵
PID:9468

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b808-d2b2bc1ba3a6.exe
2⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\000e7201-951f-11ec-b788-d2b2bc1ba3a6.exe
000e7201-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt
2⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\0012429b-951f-11ec-b78a-d2b2bc1ba3a6.exe
0012429b-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistUI1125.txt
2⤵
PID:8788

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85f-d2b2bc1ba3a6.exe
2⤵
PID:5864

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8a1-d2b2bc1ba3a6.exe
2⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\0056c5f5-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0056c5f5-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\SearchClose.html
2⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\001e5137-951f-11ec-b78c-d2b2bc1ba3a6.exe
001e5137-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001
2⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\0059367b-951f-11ec-b8cf-d2b2bc1ba3a6.exe
0059367b-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\EnableWait.html
2⤵
PID:6016

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b4-d2b2bc1ba3a6.exe
2⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\0015c4cd-951f-11ec-b78b-d2b2bc1ba3a6.exe
0015c4cd-951f-11ec-b78b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Temporary Internet Files"
2⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\0059fa3e-951f-11ec-b8d0-d2b2bc1ba3a6.exe
0059fa3e-951f-11ec-b8d0-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\PublishMerge.mp3
2⤵
PID:7256

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8ba-d2b2bc1ba3a6.exe
2⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\0058c249-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0058c249-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ApproveConvertTo.pdf
2⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\005a2169-951f-11ec-b8d0-d2b2bc1ba3a6.exe
005a2169-951f-11ec-b8d0-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\RegisterConnect.gif
2⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\0059ab95-951f-11ec-b8cf-d2b2bc1ba3a6.exe
0059ab95-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\InstallUse.bmp
2⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\00587502-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00587502-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\TraceSuspend.xps
2⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\001af5f4-951f-11ec-b78c-d2b2bc1ba3a6.exe
001af5f4-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml
2⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\005a2169-951f-11ec-b8d1-d2b2bc1ba3a6.exe
005a2169-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\RemoveRepair.zip
2⤵
PID:9668

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a2-d2b2bc1ba3a6.exe
2⤵
PID:9572

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 0045feb6-951f-11ec-b7a4-d2b2bc1ba3a6.exe
2⤵
PID:9592

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b2-d2b2bc1ba3a6.exe
2⤵
PID:9012

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b896-d2b2bc1ba3a6.exe
2⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\00584cff-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00584cff-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\These.docx
2⤵
PID:7048

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b6-d2b2bc1ba3a6.exe
2⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\003670eb-951f-11ec-b792-d2b2bc1ba3a6.exe
003670eb-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\ConnectUnregister.xps
2⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\0059d366-951f-11ec-b8cf-d2b2bc1ba3a6.exe
0059d366-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\OutMeasure.png
2⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\002a3839-951f-11ec-b78e-d2b2bc1ba3a6.exe
002a3839-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
2⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fd-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7fd-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG"
2⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\005b58f7-951f-11ec-b8d2-d2b2bc1ba3a6.exe
005b58f7-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\Music\ConvertFromApprove.bmp
2⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d3-d2b2bc1ba3a6.exe
005c6afc-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\Wallpaper.jpg
2⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\005b3229-951f-11ec-b8d2-d2b2bc1ba3a6.exe
005b3229-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\Music\CompleteDebug.html
2⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\0057fe79-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0057fe79-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\SearchEnter.xlsx
2⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b792-d2b2bc1ba3a6.exe
00347197-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\st180660.cab
2⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\0058e873-951f-11ec-b8cf-d2b2bc1ba3a6.exe
0058e873-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\DisconnectUnlock.xls
2⤵
PID:8028

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8b1-d2b2bc1ba3a6.exe
2⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\005a4909-951f-11ec-b8d1-d2b2bc1ba3a6.exe
005a4909-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\UnlockSend.xps
2⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\005b0b0d-951f-11ec-b8d1-d2b2bc1ba3a6.exe
005b0b0d-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Favorites\Bing.url
2⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78d-d2b2bc1ba3a6.exe
0024e101-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml
2⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\00598596-951f-11ec-b8cf-d2b2bc1ba3a6.exe
00598596-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\FormatSend.htm
2⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\00595de8-951f-11ec-b8cf-d2b2bc1ba3a6.exe
00595de8-951f-11ec-b8cf-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ExportLock.pptx
2⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\0059d366-951f-11ec-b8d0-d2b2bc1ba3a6.exe
0059d366-951f-11ec-b8d0-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\ProtectSubmit.html
2⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\005abdb7-951f-11ec-b8d1-d2b2bc1ba3a6.exe
005abdb7-951f-11ec-b8d1-d2b2bc1ba3a6.exe C:\\Users\Admin\Downloads\UseApprove.jpeg
2⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\0073c3f8-951f-11ec-b8d5-d2b2bc1ba3a6.exe
0073c3f8-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Documents\My Music"
2⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe
005b8053-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\Music\SwitchApprove.gif
2⤵
- Executes dropped EXE
PID:1352

C:\Users\Admin\AppData\Local\Temp\001a3278-951f-11ec-b78c-d2b2bc1ba3a6.exe
001a3278-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml
2⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\005bf885-951f-11ec-b8d3-d2b2bc1ba3a6.exe
005bf885-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\OptimizeSave.bmp
2⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\005b3229-951f-11ec-b8d1-d2b2bc1ba3a6.exe
005b3229-951f-11ec-b8d1-d2b2bc1ba3a6.exe "C:\\Users\Admin\Local Settings"
2⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\001cf2ae-951f-11ec-b78c-d2b2bc1ba3a6.exe
001cf2ae-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml
2⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\0023cf6c-951f-11ec-b78d-d2b2bc1ba3a6.exe
0023cf6c-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
2⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78c-d2b2bc1ba3a6.exe
0021ac7e-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml
2⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\005c1ca4-951f-11ec-b8d3-d2b2bc1ba3a6.exe
005c1ca4-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\SplitExit.gif
2⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\003c38f8-951f-11ec-b792-d2b2bc1ba3a6.exe
003c38f8-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1346565761-3498240568-4147300184-1000\1e0323f3-ff69-440a-83a9-b6c67c2edc8a
2⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\002ad475-951f-11ec-b78e-d2b2bc1ba3a6.exe
002ad475-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml
2⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\00361e85-951f-11ec-b792-d2b2bc1ba3a6.exe
00361e85-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\CompressUpdate.ico
2⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\00734f06-951f-11ec-b8d4-d2b2bc1ba3a6.exe
00734f06-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Default\AppData\Local\Temporary Internet Files"
2⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\005bce5b-951f-11ec-b8d3-d2b2bc1ba3a6.exe
005bce5b-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\NetHood
2⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\00739ce3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
00739ce3-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\Cookies
2⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\005ba779-951f-11ec-b8d2-d2b2bc1ba3a6.exe
005ba779-951f-11ec-b8d2-d2b2bc1ba3a6.exe "C:\\Users\Admin\My Documents"
2⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\0037f319-951f-11ec-b792-d2b2bc1ba3a6.exe
0037f319-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico"
2⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\00381af8-951f-11ec-b792-d2b2bc1ba3a6.exe
00381af8-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\MeasureDisable.gif
2⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\0073eb44-951f-11ec-b8d5-d2b2bc1ba3a6.exe
0073eb44-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Documents\My Pictures"
2⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe
00739ce3-951f-11ec-b8d4-d2b2bc1ba3a6.exe "C:\\Users\Default\Application Data"
2⤵
- Executes dropped EXE
PID:4488

C:\Users\Admin\AppData\Local\Temp\00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe
00324e0a-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png"
2⤵
- Executes dropped EXE
PID:5856

C:\Users\Admin\AppData\Local\Temp\fff45c43-951e-11ec-b788-d2b2bc1ba3a6.exe
fff45c43-951e-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png
2⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\005bce5b-951f-11ec-b8d2-d2b2bc1ba3a6.exe
005bce5b-951f-11ec-b8d2-d2b2bc1ba3a6.exe C:\\Users\Admin\NTUSER.DAT
2⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\001aa7da-951f-11ec-b78c-d2b2bc1ba3a6.exe
001aa7da-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2
2⤵
PID:9436

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b89e-d2b2bc1ba3a6.exe
2⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b821-d2b2bc1ba3a6.exe
00462471-951f-11ec-b821-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico"
2⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\003115c5-951f-11ec-b78f-d2b2bc1ba3a6.exe
003115c5-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
2⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\00395564-951f-11ec-b792-d2b2bc1ba3a6.exe
00395564-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_e269d2c1-0edf-4391-ac7b-818b8e88b04f
2⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\0042f069-951f-11ec-b793-d2b2bc1ba3a6.exe
0042f069-951f-11ec-b793-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\AppContainerUserCertRead
2⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe
00331191-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png"
2⤵
- Executes dropped EXE
PID:3864

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b84c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b84c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_3"
2⤵
PID:8724

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c4-d2b2bc1ba3a6.exe
2⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b805-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b805-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index"
2⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe
001e03d1-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
2⤵
- Executes dropped EXE
PID:9788

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b86a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_3"
2⤵
PID:7404

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b84f-d2b2bc1ba3a6.exe
2⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82d-d2b2bc1ba3a6.exe
00462471-951f-11ec-b82d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal"
2⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b82c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor"
2⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b3-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b3-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml
2⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b815-d2b2bc1ba3a6.exe
00462471-951f-11ec-b815-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCK"
2⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\00397b3b-951f-11ec-b792-d2b2bc1ba3a6.exe
00397b3b-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\it-IT\resource.xml"
2⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7bb-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7bb-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml
2⤵
PID:7620

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c7-d2b2bc1ba3a6.exe
2⤵
PID:6692

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b890-d2b2bc1ba3a6.exe
2⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\00350e2f-951f-11ec-b792-d2b2bc1ba3a6.exe
00350e2f-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\de-DE\resource.xml"
2⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b79b-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b79b-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico"
2⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f5-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7f5-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata"
2⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80a-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b80a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal"
2⤵
PID:9844

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b81d-d2b2bc1ba3a6.exe
2⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80d-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b80d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG"
2⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ff-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ff-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\MANIFEST-000001"
2⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a9-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a9-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml
2⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b83c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001"
2⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\0014b442-951f-11ec-b78b-d2b2bc1ba3a6.exe
0014b442-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\offline
2⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\00536b8a-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00536b8a-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Documents\My Pictures"
2⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b2-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b2-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml
2⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7dd-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7dd-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab"
2⤵
PID:9244

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b81a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG"
2⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ba-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ba-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml
2⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b9-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b9-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml
2⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\000e7201-951f-11ec-b789-d2b2bc1ba3a6.exe
000e7201-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml
2⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e0-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e0-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
2⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b82a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History"
2⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7da-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7da-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
2⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\004c17b3-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004c17b3-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\DenySave.xls
2⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b797-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b797-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\fr-FR\resource.xml"
2⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b86c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser"
2⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80c-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b80c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK"
2⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b822-d2b2bc1ba3a6.exe
00462471-951f-11ec-b822-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History"
2⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e3-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e3-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab"
2⤵
PID:6844

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8bf-d2b2bc1ba3a6.exe
2⤵
PID:5196

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c3-d2b2bc1ba3a6.exe
2⤵
PID:7080

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8cb-d2b2bc1ba3a6.exe
2⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\007e24e7-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007e24e7-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\vcredist2010_x64.log-MSI_vc_red.msi.txt
2⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b818-d2b2bc1ba3a6.exe
00462471-951f-11ec-b818-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT"
2⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b827-d2b2bc1ba3a6.exe
00462471-951f-11ec-b827-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001"
2⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\00172541-951f-11ec-b78b-d2b2bc1ba3a6.exe
00172541-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT
2⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d9-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d9-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
2⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00531d72-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Documents\My Music"
2⤵
- Executes dropped EXE
PID:7056

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7be-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7be-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml
2⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e1-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e1-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab"
2⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\004b0688-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004b0688-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Application Data"
2⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\0079427c-951f-11ec-b8d5-d2b2bc1ba3a6.exe
0079427c-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\PrintHood
2⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\0033d542-951f-11ec-b790-d2b2bc1ba3a6.exe
0033d542-951f-11ec-b790-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png"
2⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\00233371-951f-11ec-b78d-d2b2bc1ba3a6.exe
00233371-951f-11ec-b78d-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB
2⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\0025cb18-951f-11ec-b78e-d2b2bc1ba3a6.exe
0025cb18-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
2⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe
00462471-951f-11ec-b83d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13286548792216037"
2⤵
- Executes dropped EXE
PID:5844

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b833-d2b2bc1ba3a6.exe
00462471-951f-11ec-b833-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences"
2⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b826-d2b2bc1ba3a6.exe
00462471-951f-11ec-b826-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG"
2⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a7-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a7-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml
2⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b865-d2b2bc1ba3a6.exe
00462471-951f-11ec-b865-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002"
2⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b802-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b802-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2"
2⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80f-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b80f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons"
2⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\0053e137-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0053e137-951f-11ec-b8ce-d2b2bc1ba3a6.exe "C:\\Users\Admin\Documents\My Videos"
2⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\007c770f-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007c770f-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Public\Documents\My Music"
2⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e5-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e5-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab"
2⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a8-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a8-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml
2⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86b-d2b2bc1ba3a6.exe
00462471-951f-11ec-b86b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\index"
2⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f6-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7f6-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat"
2⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7db-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7db-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab"
2⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81e-d2b2bc1ba3a6.exe
00462471-951f-11ec-b81e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2"
2⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7de-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7de-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
2⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c0-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c0-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml
2⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b1-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b1-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml
2⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b799-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b799-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\ja-JP\resource.xml"
2⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\0008f581-951f-11ec-b788-d2b2bc1ba3a6.exe
0008f581-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat
2⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ce-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ce-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user.bmp"
2⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b849-d2b2bc1ba3a6.exe
00462471-951f-11ec-b849-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_0"
2⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\002ea4fc-951f-11ec-b78e-d2b2bc1ba3a6.exe
002ea4fc-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml
2⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b834-d2b2bc1ba3a6.exe
00462471-951f-11ec-b834-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferredApps"
2⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\007e7267-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007e7267-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\vcredist2010_x64.log.html
2⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82e-d2b2bc1ba3a6.exe
00462471-951f-11ec-b82e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State"
2⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\000dd73b-951f-11ec-b788-d2b2bc1ba3a6.exe
000dd73b-951f-11ec-b788-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20220113_114700274.html"
2⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b843-d2b2bc1ba3a6.exe
00462471-951f-11ec-b843-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG"
2⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b816-d2b2bc1ba3a6.exe
00462471-951f-11ec-b816-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG"
2⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d8-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d8-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
2⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e4-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e4-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
2⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d6-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d6-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
2⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80e-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b80e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001"
2⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d1-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d1-d2b2bc1ba3a6.exe C:\\ProgramData\Oracle\Java\javapath\javaw.exe
2⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\002c0ce5-951f-11ec-b78e-d2b2bc1ba3a6.exe
002c0ce5-951f-11ec-b78e-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates Logon.xml"
2⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d7-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d7-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab"
2⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b0-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b0-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml
2⤵
PID:8676

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b85c-d2b2bc1ba3a6.exe
2⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b830-d2b2bc1ba3a6.exe
00462471-951f-11ec-b830-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOCK"
2⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b81c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0"
2⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b875-d2b2bc1ba3a6.exe
00462471-951f-11ec-b875-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\History
2⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\0030efb2-951f-11ec-b78f-d2b2bc1ba3a6.exe
0030efb2-951f-11ec-b78f-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png"
2⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b798-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b798-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\it-IT\resource.xml"
2⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b842-d2b2bc1ba3a6.exe
00462471-951f-11ec-b842-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCK"
2⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b855-d2b2bc1ba3a6.exe
00462471-951f-11ec-b855-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOCK"
2⤵
PID:8900

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8af-d2b2bc1ba3a6.exe
2⤵
PID:9520

C:\Windows\system32\cmd.exe
cmd /c copy C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe 00462471-951f-11ec-b8c6-d2b2bc1ba3a6.exe
2⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\007ec169-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007ec169-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\vcredist2010_x86.log-MSI_vc_red.msi.txt
2⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b846-d2b2bc1ba3a6.exe
00462471-951f-11ec-b846-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\the-real-index"
2⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\00436559-951f-11ec-b793-d2b2bc1ba3a6.exe
00436559-951f-11ec-b793-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\MoveAdd.rtf
2⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\007daffc-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007daffc-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\odt\office2016setup.exe
2⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b810-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b810-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal"
2⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b84a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b84a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1"
2⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83f-d2b2bc1ba3a6.exe
00462471-951f-11ec-b83f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts"
2⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\00420529-951f-11ec-b793-d2b2bc1ba3a6.exe
00420529-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico"
2⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83e-d2b2bc1ba3a6.exe
00462471-951f-11ec-b83e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13286548794324037"
2⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\002d1e4a-951f-11ec-b78e-d2b2bc1ba3a6.exe
002d1e4a-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
2⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d5-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d5-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi"
2⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d4-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d4-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab"
2⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\000f5e30-951f-11ec-b789-d2b2bc1ba3a6.exe
000f5e30-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml
2⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe
000d6199-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\ProductReleases\3918A828-DCC1-45E2-BA7D-1BE47F748F29\x-none.16\stream.x64.x-none.man.dat
2⤵
- Executes dropped EXE
PID:8736

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b851-d2b2bc1ba3a6.exe
00462471-951f-11ec-b851-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\CURRENT"
2⤵
- Executes dropped EXE
PID:5680

C:\Users\Admin\AppData\Local\Temp\0014b442-951f-11ec-b78a-d2b2bc1ba3a6.exe
0014b442-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml
2⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b837-d2b2bc1ba3a6.exe
00462471-951f-11ec-b837-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences"
2⤵
- Executes dropped EXE
PID:6972

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b848-d2b2bc1ba3a6.exe
00462471-951f-11ec-b848-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\the-real-index"
2⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b847-d2b2bc1ba3a6.exe
00462471-951f-11ec-b847-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index"
2⤵
- Executes dropped EXE
PID:7820

C:\Users\Admin\AppData\Local\Temp\003d7205-951f-11ec-b792-d2b2bc1ba3a6.exe
003d7205-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml"
2⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\0054f233-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0054f233-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\ProtectHide.pub
2⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b817-d2b2bc1ba3a6.exe
00462471-951f-11ec-b817-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\MANIFEST-000001"
2⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b814-d2b2bc1ba3a6.exe
00462471-951f-11ec-b814-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\CURRENT"
2⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82b-d2b2bc1ba3a6.exe
00462471-951f-11ec-b82b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History-journal"
2⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b831-d2b2bc1ba3a6.exe
00462471-951f-11ec-b831-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG"
2⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b852-d2b2bc1ba3a6.exe
00462471-951f-11ec-b852-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOCK"
2⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b828-d2b2bc1ba3a6.exe
00462471-951f-11ec-b828-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"
2⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\003beb41-951f-11ec-b792-d2b2bc1ba3a6.exe
003beb41-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Protect\CREDHIST
2⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b850-d2b2bc1ba3a6.exe
00462471-951f-11ec-b850-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State"
2⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\007cec2e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007cec2e-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Public\Documents\My Pictures"
2⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\00054ab0-951f-11ec-b788-d2b2bc1ba3a6.exe
00054ab0-951f-11ec-b788-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml
2⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b881-d2b2bc1ba3a6.exe
00462471-951f-11ec-b881-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal"
2⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b858-d2b2bc1ba3a6.exe
00462471-951f-11ec-b858-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT"
2⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7cc-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7cc-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\User Account Pictures\user-40.png"
2⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\00342331-951f-11ec-b790-d2b2bc1ba3a6.exe
00342331-951f-11ec-b790-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml"
2⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\007d6165-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007d6165-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\odt\config.xml
2⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\00743944-951f-11ec-b8d5-d2b2bc1ba3a6.exe
00743944-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Documents\My Videos"
2⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b856-d2b2bc1ba3a6.exe
00462471-951f-11ec-b856-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG"
2⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b85e-d2b2bc1ba3a6.exe
00462471-951f-11ec-b85e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity"
2⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b87b-d2b2bc1ba3a6.exe
00462471-951f-11ec-b87b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index"
2⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\005c43ea-951f-11ec-b8d3-d2b2bc1ba3a6.exe
005c43ea-951f-11ec-b8d3-d2b2bc1ba3a6.exe C:\\Users\Admin\Pictures\UnblockFormat.bmp
2⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b859-d2b2bc1ba3a6.exe
00462471-951f-11ec-b859-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK"
2⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b83a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\MANIFEST-000001"
2⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b85d-d2b2bc1ba3a6.exe
00462471-951f-11ec-b85d-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal"
2⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b899-d2b2bc1ba3a6.exe
00462471-951f-11ec-b899-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3"
2⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\0051e5e9-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0051e5e9-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\MergeConvert.xps
2⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e9-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e9-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab"
2⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\007d129e-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007d129e-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Public\Documents\My Videos"
2⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b882-d2b2bc1ba3a6.exe
00462471-951f-11ec-b882-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT"
2⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b87e-d2b2bc1ba3a6.exe
00462471-951f-11ec-b87e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons"
2⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b886-d2b2bc1ba3a6.exe
00462471-951f-11ec-b886-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"
2⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b806-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b806-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index"
2⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f8-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7f8-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOCK"
2⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\007a05a5-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007a05a5-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\Recent
2⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b824-d2b2bc1ba3a6.exe
00462471-951f-11ec-b824-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT"
2⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7dc-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7dc-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi"
2⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\007aa2f9-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007aa2f9-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\SendTo
2⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b89a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b89a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\index"
2⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\00342331-951f-11ec-b791-d2b2bc1ba3a6.exe
00342331-951f-11ec-b791-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\sj180660.cab
2⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\0076ab68-951f-11ec-b8d5-d2b2bc1ba3a6.exe
0076ab68-951f-11ec-b8d5-d2b2bc1ba3a6.exe C:\\Users\Default\NetHood
2⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b80b-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b80b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT"
2⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b89f-d2b2bc1ba3a6.exe
00462471-951f-11ec-b89f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_2"
2⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f2-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7f2-d2b2bc1ba3a6.exe C:\\ProgramData\Templates
2⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fe-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7fe-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG"
2⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b88c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b88c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENT"
2⤵
PID:11324

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b89c-d2b2bc1ba3a6.exe
00462471-951f-11ec-b89c-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State"
2⤵
PID:11332

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7e6-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7e6-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi"
2⤵
PID:11340

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b794-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b794-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml"
2⤵
PID:11392

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f1-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7f1-d2b2bc1ba3a6.exe "C:\\ProgramData\Start Menu"
2⤵
PID:11424

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b807-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b807-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index"
2⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\00553fc7-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00553fc7-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\RemoveMerge.xps
2⤵
PID:11472

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ee-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ee-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi"
2⤵
PID:11540

C:\Users\Admin\AppData\Local\Temp\004cb3cf-951f-11ec-b8ce-d2b2bc1ba3a6.exe
004cb3cf-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Desktop\MeasureExit.mp3
2⤵
PID:11520

C:\Users\Admin\AppData\Local\Temp\0030794d-951f-11ec-b78f-d2b2bc1ba3a6.exe
0030794d-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\Crypto\SystemKeys\f85409213665240541862e424382eed9_e269d2c1-0edf-4391-ac7b-818b8e88b04f
2⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\001ccaff-951f-11ec-b78c-d2b2bc1ba3a6.exe
001ccaff-951f-11ec-b78c-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\index
2⤵
PID:11616

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b860-d2b2bc1ba3a6.exe
00462471-951f-11ec-b860-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data"
2⤵
PID:11656

C:\Users\Admin\AppData\Local\Temp\007b6552-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007b6552-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Start Menu"
2⤵
PID:11632

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b854-d2b2bc1ba3a6.exe
00462471-951f-11ec-b854-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\MANIFEST-000001"
2⤵
PID:11708

C:\Users\Admin\AppData\Local\Temp\003c62d5-951f-11ec-b792-d2b2bc1ba3a6.exe
003c62d5-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico"
2⤵
PID:11716

C:\Users\Admin\AppData\Local\Temp\00344b64-951f-11ec-b791-d2b2bc1ba3a6.exe
00344b64-951f-11ec-b791-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\ss180660.cab
2⤵
PID:11724

C:\Users\Admin\AppData\Local\Temp\00132dae-951f-11ec-b78a-d2b2bc1ba3a6.exe
00132dae-951f-11ec-b78a-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistUI115A.txt
2⤵
PID:11756

C:\Users\Admin\AppData\Local\Temp\007c2a16-951f-11ec-b8d5-d2b2bc1ba3a6.exe
007c2a16-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default User"
2⤵
PID:11800

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b88b-d2b2bc1ba3a6.exe
00462471-951f-11ec-b88b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences"
2⤵
PID:11848

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b864-d2b2bc1ba3a6.exe
00462471-951f-11ec-b864-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG"
2⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\00760ed2-951f-11ec-b8d5-d2b2bc1ba3a6.exe
00760ed2-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\My Documents"
2⤵
PID:11868

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b795-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b795-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\es-ES\resource.xml"
2⤵
PID:11948

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fb-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7fb-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\CURRENT"
2⤵
PID:11976

C:\Users\Admin\AppData\Local\Temp\00355d76-951f-11ec-b792-d2b2bc1ba3a6.exe
00355d76-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_66_x64\sz180660.cab
2⤵
PID:11988

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b804-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b804-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index"
2⤵
PID:12008

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b897-d2b2bc1ba3a6.exe
00462471-951f-11ec-b897-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1"
2⤵
PID:12020

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b891-d2b2bc1ba3a6.exe
00462471-951f-11ec-b891-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOCK"
2⤵
PID:12068

C:\Users\Admin\AppData\Local\Temp\0036bc5c-951f-11ec-b792-d2b2bc1ba3a6.exe
0036bc5c-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\es-ES\resource.xml"
2⤵
PID:12096

C:\Users\Admin\AppData\Local\Temp\00558d9b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
00558d9b-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\RequestReceive.xml
2⤵
PID:12120

C:\Users\Admin\AppData\Local\Temp\002d45f9-951f-11ec-b78e-d2b2bc1ba3a6.exe
002d45f9-951f-11ec-b78e-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_Office Feature Updates.xml"
2⤵
PID:12148

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b800-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b800-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0"
2⤵
PID:11880

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b7-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b7-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml
2⤵
PID:12220

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b79c-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b79c-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico"
2⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ab-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ab-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml
2⤵
PID:12260

C:\Users\Admin\AppData\Local\Temp\0015edcd-951f-11ec-b78b-d2b2bc1ba3a6.exe
0015edcd-951f-11ec-b78b-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml
2⤵
PID:12284

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fc-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7fc-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOCK"
2⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ea-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ea-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi"
2⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b83b-d2b2bc1ba3a6.exe
00462471-951f-11ec-b83b-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG"
2⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c5-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c5-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml
2⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b870-d2b2bc1ba3a6.exe
00462471-951f-11ec-b870-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1"
2⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\000f3661-951f-11ec-b789-d2b2bc1ba3a6.exe
000f3661-951f-11ec-b789-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1125.txt
2⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b868-d2b2bc1ba3a6.exe
00462471-951f-11ec-b868-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1"
2⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b803-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b803-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3"
2⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b809-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b809-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies"
2⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ad-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ad-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml
2⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7f3-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7f3-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
2⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\00752df3-951f-11ec-b8d5-d2b2bc1ba3a6.exe
00752df3-951f-11ec-b8d5-d2b2bc1ba3a6.exe "C:\\Users\Default\Local Settings"
2⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a0-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8a0-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_3"
2⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86e-d2b2bc1ba3a6.exe
00462471-951f-11ec-b86e-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State"
2⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b893-d2b2bc1ba3a6.exe
00462471-951f-11ec-b893-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001"
2⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b857-d2b2bc1ba3a6.exe
00462471-951f-11ec-b857-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001"
2⤵
PID:12292

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b86f-d2b2bc1ba3a6.exe
00462471-951f-11ec-b86f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0"
2⤵
PID:12304

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b866-d2b2bc1ba3a6.exe
00462471-951f-11ec-b866-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\First Run"
2⤵
PID:12312

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b79e-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b79e-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico"
2⤵
PID:12336

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b885-d2b2bc1ba3a6.exe
00462471-951f-11ec-b885-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001"
2⤵
PID:12372

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c2-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c2-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml
2⤵
PID:12428

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7fa-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7fa-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\MANIFEST-000001"
2⤵
PID:12492

C:\Users\Admin\AppData\Local\Temp\0035d0ce-951f-11ec-b792-d2b2bc1ba3a6.exe
0035d0ce-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_66_x64\jre1.8.0_66.msi
2⤵
PID:12504

C:\Users\Admin\AppData\Local\Temp\00433e68-951f-11ec-b793-d2b2bc1ba3a6.exe
00433e68-951f-11ec-b793-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml"
2⤵
PID:12484

C:\Users\Admin\AppData\Local\Temp\0054a49b-951f-11ec-b8ce-d2b2bc1ba3a6.exe
0054a49b-951f-11ec-b8ce-d2b2bc1ba3a6.exe C:\\Users\Admin\Documents\Opened.docx
2⤵
PID:12560

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d2-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d2-d2b2bc1ba3a6.exe C:\\ProgramData\Oracle\Java\javapath\javaws.exe
2⤵
PID:12592

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7bd-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7bd-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml
2⤵
PID:12616

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a5-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8a5-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat"
2⤵
PID:12644

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ac-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ac-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml
2⤵
PID:12656

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8aa-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8aa-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\2B7113FF-0401-476A-9DCD-E791D6F8EE3B
2⤵
PID:12696

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a9-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8a9-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt"
2⤵
PID:12688

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a5-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a5-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\Office\ClickToRunPackageLocker
2⤵
PID:12752

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a8-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8a8-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{04D6A65B-7467-11EC-B99B-7EE208A7DFD1}.dat"
2⤵
PID:12744

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b88f-d2b2bc1ba3a6.exe
00462471-951f-11ec-b88f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\MANIFEST-000001"
2⤵
PID:12832

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b819-d2b2bc1ba3a6.exe
00462471-951f-11ec-b819-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCK"
2⤵
PID:12820

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b0-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8b0-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xml
2⤵
PID:12860

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8ac-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8ac-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\msoia.exe_Rules.xml
2⤵
PID:12892

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b844-d2b2bc1ba3a6.exe
00462471-951f-11ec-b844-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001"
2⤵
PID:12932

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a1-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a1-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\Diagnosis\osver.txt
2⤵
PID:12964

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8ae-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8ae-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml
2⤵
PID:12980

C:\Users\Admin\AppData\Local\Temp\0039efb6-951f-11ec-b792-d2b2bc1ba3a6.exe
0039efb6-951f-11ec-b792-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1346565761-3498240568-4147300184-1000\0f5007522459c86e95ffcc62f32308f1_e269d2c1-0edf-4391-ac7b-818b8e88b04f
2⤵
PID:13004

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b81f-d2b2bc1ba3a6.exe
00462471-951f-11ec-b81f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3"
2⤵
PID:13036

C:\Users\Admin\AppData\Local\Temp\0038b6cc-951f-11ec-b792-d2b2bc1ba3a6.exe
0038b6cc-951f-11ec-b792-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\fr-FR\resource.xml"
2⤵
PID:13088

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b3-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8b3-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUs
2⤵
PID:13108

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7bf-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7bf-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml
2⤵
PID:13148

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a6-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a6-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"
2⤵
PID:13136

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8a6-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8a6-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieUserList\container.dat"
2⤵
PID:13180

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b869-d2b2bc1ba3a6.exe
00462471-951f-11ec-b869-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_2"
2⤵
PID:13172

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b814-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b814-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\MANIFEST-000001"
2⤵
PID:13244

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b812-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b812-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCK"
2⤵
PID:13232

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8ab-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8ab-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\CAF962B8-C29D-4A67-B9DB-53E0E643EEE4
2⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7a0-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7a0-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml"
2⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b5-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8b5-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsYSw=
2⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7d3-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7d3-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
2⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b845-d2b2bc1ba3a6.exe
00462471-951f-11ec-b845-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index"
2⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b7-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8b7-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\24E5136994AE5D575A3E0A087D0E2D0658CBC7A6
2⤵
PID:13328

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b4-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b4-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml
2⤵
PID:13376

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c1-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c1-d2b2bc1ba3a6.exe C:\\ProgramData\Oracle\Java\installcache_x64\baseimagefam8
2⤵
PID:13392

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8b8-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8b8-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\2BF26D07E908AEF2A6E2C2BF13D790BDE604017B
2⤵
PID:13412

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7af-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7af-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml
2⤵
PID:13460

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7eb-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7eb-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab"
2⤵
PID:13488

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b5-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b5-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml
2⤵
PID:13516

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b872-d2b2bc1ba3a6.exe
00462471-951f-11ec-b872-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3"
2⤵
PID:13532

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b829-d2b2bc1ba3a6.exe
00462471-951f-11ec-b829-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal"
2⤵
PID:13552

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ae-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ae-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml
2⤵
PID:13584

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b82f-d2b2bc1ba3a6.exe
00462471-951f-11ec-b82f-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT"
2⤵
PID:13612

C:\Users\Admin\AppData\Local\Temp\0033d542-951f-11ec-b78f-d2b2bc1ba3a6.exe
0033d542-951f-11ec-b78f-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\LocalLow\Oracle\Java\AU\au.msi
2⤵
PID:13656

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b87a-d2b2bc1ba3a6.exe
00462471-951f-11ec-b87a-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat"
2⤵
PID:13664

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8bc-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8bc-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\4BDD5ECEBDDB7CDE9E26DFBF21E2F3A314B7739D
2⤵
PID:13696

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c6-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c6-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\VdiState.xml
2⤵
PID:13728

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8c5-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8c5-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat
2⤵
PID:13776

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c3-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c3-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml
2⤵
PID:13812

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b8bd-d2b2bc1ba3a6.exe
00462471-951f-11ec-b8bd-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1
2⤵
PID:13828

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7b8-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7b8-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml
2⤵
PID:13848

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b796-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b796-d2b2bc1ba3a6.exe "C:\\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico"
2⤵
PID:13876

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b835-d2b2bc1ba3a6.exe
00462471-951f-11ec-b835-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL"
2⤵
PID:13884

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7c4-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7c4-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml
2⤵
PID:13900

C:\Users\Admin\AppData\Local\Temp\002ef299-951f-11ec-b78e-d2b2bc1ba3a6.exe
002ef299-951f-11ec-b78e-d2b2bc1ba3a6.exe C:\\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml
2⤵
PID:13920

C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7ed-d2b2bc1ba3a6.exe
0045feb6-951f-11ec-b7ed-d2b2bc1ba3a6.exe "C:\\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab"
2⤵
PID:13928

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b892-d2b2bc1ba3a6.exe
00462471-951f-11ec-b892-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG"
2⤵
PID:13956

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b832-d2b2bc1ba3a6.exe
00462471-951f-11ec-b832-d2b2bc1ba3a6.exe "C:\\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001"
2⤵
PID:13992

C:\Users\Admin\AppData\Local\Temp\00462471-951f-11ec-b877-d2b2bc1ba3a6.exe
00462471-951f-11ec-b877-d2b2bc1ba3a6.exe C:\\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1pj39gsm.default-release\cache2\entries\D314169AF6A7C315416B4031A87D7CDC2D43B91B
2⤵
PID:14012

C:\Windows\SYSTEM32\timeout.exe
timeout /t 30 && C:\Windows\system32\cmd.exe /C del C:\Users\Admin\AppData\Local\Temp\C:\Users\Admin\AppData\Local\Temp\43564aa0-94f8-11ec-9d1d-005056a01a83.exe
2⤵
- Delays execution with timeout.exe
PID:7908

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00068672-951f-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0013a309-951f-11ec-b78a-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0016fe62-951f-11ec-b78b-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00180fb6-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001a0b21-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001be011-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\001eed72-951f-11ec-b78c-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0021ac7e-951f-11ec-b78d-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0024e101-951f-11ec-b78e-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f1a63-951f-11ec-b78e-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\002f4115-951f-11ec-b78e-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00316458-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00318b55-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0031b1e2-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0032c3b2-951f-11ec-b78f-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b791-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00347197-951f-11ec-b791-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0035f841-951f-11ec-b792-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0045feb6-951f-11ec-b7df-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005c6afc-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\005faa0a-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\0061e9f9-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\00645ab6-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006b6eb4-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\006da96d-951f-11ec-b8d4-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\ffef9fea-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff01502-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff1ea28-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff2ad36-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff57040-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fff917df-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffb1251-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffbfc82-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\fffebb0d-951e-11ec-b788-d2b2bc1ba3a6.exe
MD5
d5d2c4ac6c724cd63b69ca054713e278

SHA1
f32d791ec9e6385a91b45942c230f52aff1626df

SHA256
4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382

SHA512
9c2e86ff9da4e8b8e7caa62cd298f5725a459151dc655845fe614bf33639ed975850b3e9ae204d8a9d145a86214c35a486c06787a7ad8a88a85d121d3ee50c91

Download Submit