Analysis Overview
SHA256
9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a
Threat Level: Known bad
The file 9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a was found to be: Known bad.
Malicious Activity Summary
NanoCore
njRAT/Bladabindi
WarzoneRat, AveMaria
LimeRAT
Warzone RAT payload
Executes dropped EXE
Checks computer location settings
Drops startup file
Loads dropped DLL
AutoIT Executable
Suspicious use of SetThreadContext
Enumerates physical storage devices
NSIS installer
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-07-31 07:08
Signatures
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-31 07:08
Reported
2022-07-31 10:04
Platform
win7-20220718-en
Max time kernel
75s
Max time network
198s
Command Line
Signatures
LimeRAT
NanoCore
WarzoneRat, AveMaria
njRAT/Bladabindi
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Firefox.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe | N/A |
| N/A | N/A | C:\Windows\system32\conhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.url | C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe
"C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe 1
C:\Users\Admin\AppData\Local\Temp\peggym.exe
"C:\Users\Admin\AppData\Local\Temp\peggym.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe 1
C:\Users\Admin\AppData\Local\Temp\mediamall.exe
"C:\Users\Admin\AppData\Local\Temp\mediamall.exe"
C:\Users\Admin\AppData\Local\Temp\Firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Firefox.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe 1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES387F.tmp" "c:\Users\Admin\AppData\Local\Temp\q5qh104c\CSC924F9C24A2CF4A8A86AA65A63969C8.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3ediehn5\3ediehn5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E2A.tmp" "c:\Users\Admin\AppData\Local\Temp\rcryokro\CSC3E324A125D0E47059AC8DEC3F275971.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F04.tmp" "c:\Users\Admin\AppData\Local\Temp\aa4pj4n0\CSC5BCFDC5EC4D945489DAAEB9EB843E3D5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3ED5.tmp" "c:\Users\Admin\AppData\Local\Temp\3ediehn5\CSCCE41B91ACDAB4D31AFE9281270AA4F83.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E49.tmp" "c:\Users\Admin\AppData\Local\Temp\rasrywrd\CSC8BC85E64855A43F19DD27AC69D422079.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rasrywrd\rasrywrd.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aa4pj4n0\aa4pj4n0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rcryokro\rcryokro.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3880.tmp" "c:\Users\Admin\AppData\Local\Temp\zutfxp54\CSCCCD56D6EC80E4CBD8F4956BD50625331.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES386F.tmp" "c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\CSCB18C683354CA4D239C8E508BF2CFF4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3881.tmp" "c:\Users\Admin\AppData\Local\Temp\5r5glz2i\CSC15C52E756689490C90739BDDFB3042B4.TMP"
C:\Users\Admin\AppData\Local\Temp\vest.exe
"C:\Users\Admin\AppData\Local\Temp\vest.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe 1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xivsp0ka\xivsp0ka.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES60B8.tmp" "c:\Users\Admin\AppData\Local\Temp\p5qr0k4v\CSCD26C240B9A714AD5AB685B75C7ECE3D5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ylnlr1gs\ylnlr1gs.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES629C.tmp" "c:\Users\Admin\AppData\Local\Temp\ccdpgzrw\CSC1A92854E5B104D31809E5F4382C2AED.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES650B.tmp" "c:\Users\Admin\AppData\Local\Temp\3v04avxi\CSCCBFADAC768794CF1BBCD8715D4263B2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES68A3.tmp" "c:\Users\Admin\AppData\Local\Temp\x45432hn\CSC8F6DD9C132CA4CBCA14622FCF153CC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mph03202\mph03202.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6AC5.tmp" "c:\Users\Admin\AppData\Local\Temp\mph03202\CSC1776509664504CBDB5C6429290D7E9D0.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6C89.tmp" "c:\Users\Admin\AppData\Local\Temp\wjlx4ovo\CSCF71E6D98F6407AAC57293373C2A044.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CB8.tmp" "c:\Users\Admin\AppData\Local\Temp\1rh5b44i\CSC9D092A2D6334412F807FC71353F98C2D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CD7.tmp" "c:\Users\Admin\AppData\Local\Temp\lhiarvmb\CSCD6C3BA65C434053BEFFF73FC84BBD7F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E2F.tmp" "c:\Users\Admin\AppData\Local\Temp\34zwbtmt\CSC2832ECE5E69248EEA15F98C39FEA9D2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E3E.tmp" "c:\Users\Admin\AppData\Local\Temp\ecp2lgx2\CSCB598522AB81A401898E603D87263C1.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\34zwbtmt\34zwbtmt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ecp2lgx2\ecp2lgx2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wjlx4ovo\wjlx4ovo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lhiarvmb\lhiarvmb.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1rh5b44i\1rh5b44i.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES695E.tmp" "c:\Users\Admin\AppData\Local\Temp\xnqlyczs\CSC1AAC183C555A4068A79ECEE8BD855D65.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xnqlyczs\xnqlyczs.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x45432hn\x45432hn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6578.tmp" "c:\Users\Admin\AppData\Local\Temp\czdpwmte\CSC23E0DE151665405F868F38DC33ADF72.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\czdpwmte\czdpwmte.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3v04avxi\3v04avxi.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES62F8.tmp" "c:\Users\Admin\AppData\Local\Temp\nj5gbe4s\CSCB5EF440881F647F1A1C038C7F8A7C3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES62BA.tmp" "c:\Users\Admin\AppData\Local\Temp\rxpyubsn\CSC89F96CFA56D449FE92EF4F08F6CBA82.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES629B.tmp" "c:\Users\Admin\AppData\Local\Temp\ylnlr1gs\CSC8CA8DD7FCF37452AB2349544833514F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rxpyubsn\rxpyubsn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nj5gbe4s\nj5gbe4s.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ccdpgzrw\ccdpgzrw.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES60B7.tmp" "c:\Users\Admin\AppData\Local\Temp\xivsp0ka\CSCAA0A6E302D6A4239A6C6E7DC52A5DC4D.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p5qr0k4v\p5qr0k4v.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rsmktbov\rsmktbov.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\py1y02e3\py1y02e3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jm3p4s51\jm3p4s51.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jlzqwvpb\jlzqwvpb.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAF72.tmp" "c:\Users\Admin\AppData\Local\Temp\jlzqwvpb\CSC31DB08A850F424FA58B1BF8DF2F52C4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAFD0.tmp" "c:\Users\Admin\AppData\Local\Temp\rsmktbov\CSC485B62AD6AED44349623C5B2C577D3E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB03D.tmp" "c:\Users\Admin\AppData\Local\Temp\py1y02e3\CSCE244A2C9C4684F70BA8DEDA2CBE5AF88.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tteznrah\tteznrah.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kvwwuacs\kvwwuacs.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB06C.tmp" "c:\Users\Admin\AppData\Local\Temp\jm3p4s51\CSC6B55D0F931644C8B9870D0FDD6E42A9.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bd2vee31\bd2vee31.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB4B0.tmp" "c:\Users\Admin\AppData\Local\Temp\3233wweq\CSCE910E48EF9F740B2B3F3B0EB124FCF3C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\imkmjq5l\imkmjq5l.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB462.tmp" "c:\Users\Admin\AppData\Local\Temp\bd2vee31\CSC1ECA12AE4F2A4F3B8FCC1BFD99322BAA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB2BD.tmp" "c:\Users\Admin\AppData\Local\Temp\tteznrah\CSC65649D93DF2C421184E494318E7DFC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB8C5.tmp" "c:\Users\Admin\AppData\Local\Temp\imkmjq5l\CSC2C28E84F28340ABB89580719F1A6E8.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB240.tmp" "c:\Users\Admin\AppData\Local\Temp\kvwwuacs\CSC7887716C60244767A02C8DD252302D28.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3233wweq\3233wweq.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ugbvmtpi\ugbvmtpi.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\meyuznr5\meyuznr5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBAB8.tmp" "c:\Users\Admin\AppData\Local\Temp\ugbvmtpi\CSC657E3DBDEAA348F397AC1CA817459D2A.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ycmmt52d\ycmmt52d.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hushwk0c\hushwk0c.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0r40ohxa\0r40ohxa.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD48.tmp" "c:\Users\Admin\AppData\Local\Temp\hushwk0c\CSC9BC9DD66720C475785F97F82BF5029.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBE60.tmp" "c:\Users\Admin\AppData\Local\Temp\ycmmt52d\CSCDEA9FEE1FA6146F3B214785DA94132F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\znyabqhr\znyabqhr.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tna3qmdm\tna3qmdm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD96.tmp" "c:\Users\Admin\AppData\Local\Temp\0r40ohxa\CSC175E878ACE9E47B6AC26D2FBDEBEF36.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBAD8.tmp" "c:\Users\Admin\AppData\Local\Temp\meyuznr5\CSC7C0C90246FB14D2AB1DAA0BBC1133BE3.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC044.tmp" "c:\Users\Admin\AppData\Local\Temp\tna3qmdm\CSCEE7CF6A0BAAE48A8965124395B4DAB9.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBFA8.tmp" "c:\Users\Admin\AppData\Local\Temp\znyabqhr\CSCFF7E243DE1E643AA8DE6B2767A3B1AB0.TMP"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u5h4i3s3\u5h4i3s3.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC266.tmp" "c:\Users\Admin\AppData\Local\Temp\u5h4i3s3\CSC4C1659CA5D46B09CDB463C9D559A4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mxfjenoa\mxfjenoa.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ca5nwrqv\ca5nwrqv.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC3BD.tmp" "c:\Users\Admin\AppData\Local\Temp\mxfjenoa\CSC35C604B52D3A438FAC8B8010E91D361.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC543.tmp" "c:\Users\Admin\AppData\Local\Temp\kzk3d1kf\CSCA68A3D8D730E45738591CD383134641D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\okkc00qo\okkc00qo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rbua31hl\rbua31hl.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC68B.tmp" "c:\Users\Admin\AppData\Local\Temp\rbua31hl\CSCAD11661AF58F4A40B9F0A3DB192DE5C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\t25tppy2\t25tppy2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC708.tmp" "c:\Users\Admin\AppData\Local\Temp\okkc00qo\CSCDE65ADEFFFB74E13998ED44DABADE31F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ujwnybr2\ujwnybr2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC42A.tmp" "c:\Users\Admin\AppData\Local\Temp\ca5nwrqv\CSC54CA1CCF821E4510BB4AD020ABDF2D0.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kzk3d1kf\kzk3d1kf.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC7E2.tmp" "c:\Users\Admin\AppData\Local\Temp\ujwnybr2\CSCC18CD77EE43347AFAD72437E3BC2C6B6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC709.tmp" "c:\Users\Admin\AppData\Local\Temp\t25tppy2\CSC9C67F300A3C94449BBD0856B21A05FC.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ngtzo3m\5ngtzo3m.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ssqt3we5\ssqt3we5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g11hnrfn\g11hnrfn.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD4E.tmp" "c:\Users\Admin\AppData\Local\Temp\ssqt3we5\CSC5A2CA639E2A94514AD915C1BBD55448D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD7D.tmp" "c:\Users\Admin\AppData\Local\Temp\5ngtzo3m\CSCDB6EED5B31384D4990C7F2F7EFEB315D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2vcvgeaw\2vcvgeaw.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2expkoqi\2expkoqi.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD20.tmp" "c:\Users\Admin\AppData\Local\Temp\g11hnrfn\CSCF5B2EBEDEEE944D8AAB2742689CE43B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4pohgeqo\4pohgeqo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\v5luuf20\v5luuf20.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFCE.tmp" "c:\Users\Admin\AppData\Local\Temp\2vcvgeaw\CSCF2BE9F6CD35A49DA90B8421A76187840.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCF80.tmp" "c:\Users\Admin\AppData\Local\Temp\2expkoqi\CSC2866B698C85440DDA9177F983A5631C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD099.tmp" "c:\Users\Admin\AppData\Local\Temp\4pohgeqo\CSC449684E56F2D4027A0877AC2B8BCF758.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cu2eptsx\cu2eptsx.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD183.tmp" "c:\Users\Admin\AppData\Local\Temp\v5luuf20\CSC662FE71AD3F41D4854B3431EA4E5F92.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD386.tmp" "c:\Users\Admin\AppData\Local\Temp\cu2eptsx\CSC80F0556EA657429596DE36976659F91D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD4CD.tmp" "c:\Users\Admin\AppData\Local\Temp\zewulkul\CSC11948045A0DA4E56ABE888A6BB93CE13.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zewulkul\zewulkul.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0z3dzhzg\0z3dzhzg.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD624.tmp" "c:\Users\Admin\AppData\Local\Temp\0z3dzhzg\CSCB0FE1A09D53246E0A7446C9E82C6FFB5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD634.tmp" "c:\Users\Admin\AppData\Local\Temp\rc0tidn3\CSC24464E3D2525427498DB6643922CD9EE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rc0tidn3\rc0tidn3.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\k5rs30yf\k5rs30yf.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ri3qrxhv\ri3qrxhv.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD7E9.tmp" "c:\Users\Admin\AppData\Local\Temp\k5rs30yf\CSC28E15AF2A834244892864F987F03B41.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\exoq2vdn\exoq2vdn.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD875.tmp" "c:\Users\Admin\AppData\Local\Temp\ri3qrxhv\CSC4E85AE45A62543328F15D77C3A7DF51E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD950.tmp" "c:\Users\Admin\AppData\Local\Temp\exoq2vdn\CSC83979FCD5B874715BF711E1D765F196B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ync0hfuj\ync0hfuj.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD9CC.tmp" "c:\Users\Admin\AppData\Local\Temp\ync0hfuj\CSCC88A941987604D6CB31496E81BE04147.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jotovgox\jotovgox.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB04.tmp" "c:\Users\Admin\AppData\Local\Temp\jotovgox\CSCA88B4055A9E84E6D824D7A53844BA2AF.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\11nugb3o\11nugb3o.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC9A.tmp" "c:\Users\Admin\AppData\Local\Temp\11nugb3o\CSC29ABBAEAB8A64C078D49B399BAEB5286.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5gcfoz22\5gcfoz22.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5r4fmlkz\5r4fmlkz.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jsjgb3yq\jsjgb3yq.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pnwqirtb\pnwqirtb.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDFF4.tmp" "c:\Users\Admin\AppData\Local\Temp\jsjgb3yq\CSC3614E65C82F046399D3BB7E5CBB8D3C2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE023.tmp" "c:\Users\Admin\AppData\Local\Temp\5r4fmlkz\CSC26CDED07C4B245F68941FC26522CBDDE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vevrej5q\vevrej5q.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE090.tmp" "c:\Users\Admin\AppData\Local\Temp\5gcfoz22\CSC3142383971BC455DAA6F883716CAA4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE0DE.tmp" "c:\Users\Admin\AppData\Local\Temp\pnwqirtb\CSC5663405480FA49FBA78D9C367645EA5.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1228427131-1845789794-120835786094486344493712240513837190981898901769215645597"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE66A.tmp" "c:\Users\Admin\AppData\Local\Temp\p5zl31s2\CSCD5C2DC607E1C43599D8E4279F0B7A21.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE61C.tmp" "c:\Users\Admin\AppData\Local\Temp\zvfjj23k\CSC442A5580667148B2A74B6DD1ED1C74C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ipsdjii\5ipsdjii.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE744.tmp" "c:\Users\Admin\AppData\Local\Temp\5ipsdjii\CSC98C01ADE670340BE854D65B2FD5E7ACC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zvfjj23k\zvfjj23k.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE16A.tmp" "c:\Users\Admin\AppData\Local\Temp\vevrej5q\CSC5A05123AF16D412D89AC91D2C7F63517.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p5zl31s2\p5zl31s2.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bzxts55j\bzxts55j.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m3ztiznt\m3ztiznt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ofse5ega\ofse5ega.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5poa35zf\5poa35zf.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD1C.tmp" "c:\Users\Admin\AppData\Local\Temp\5poa35zf\CSCD07C46BB7F6B4BF0A4AC2C3B62FF687C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E79.tmp" "c:\Users\Admin\AppData\Local\Temp\ofse5ega\CSC4926BA9ECE9D402E80414929F612FF6C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E78.tmp" "c:\Users\Admin\AppData\Local\Temp\m3ztiznt\CSC8A633C412CC4EBD85FE5E6AEF296731.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E7A.tmp" "c:\Users\Admin\AppData\Local\Temp\bzxts55j\CSC55AC003726E341528CF64D11489D9E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5grcc01q\5grcc01q.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sdppbupo\sdppbupo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6347.tmp" "c:\Users\Admin\AppData\Local\Temp\sdppbupo\CSC44FBC06A43DA440095C56A78B04F1268.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6346.tmp" "c:\Users\Admin\AppData\Local\Temp\5grcc01q\CSC91D68EDE8F464779B5827FA082F63CE.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\umxojwkl\umxojwkl.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xtqubiza\xtqubiza.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES698D.tmp" "c:\Users\Admin\AppData\Local\Temp\umxojwkl\CSC8650BE4A757D4F0084A98BDCB253BC54.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES69BC.tmp" "c:\Users\Admin\AppData\Local\Temp\xtqubiza\CSC12F6361DDA4F480F91357D39CDA9BD9B.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1ibctlr3\1ibctlr3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6D25.tmp" "c:\Users\Admin\AppData\Local\Temp\1ibctlr3\CSCFFE7FDC92D7445549E56BFAFD627E88.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6D35.tmp" "c:\Users\Admin\AppData\Local\Temp\mlb3pwz0\CSCA990740F7AA845CEA44A67A61C0955F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mlb3pwz0\mlb3pwz0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hkjnhgpl\hkjnhgpl.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1zz5c43u\1zz5c43u.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bsf1yexl\bsf1yexl.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F09.tmp" "c:\Users\Admin\AppData\Local\Temp\hkjnhgpl\CSC5D9115CA928441C7826871788C38A3E3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qsrj2yx3\qsrj2yx3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F28.tmp" "c:\Users\Admin\AppData\Local\Temp\1zz5c43u\CSCAA799D96467347808E27324917DFF34.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7060.tmp" "c:\Users\Admin\AppData\Local\Temp\cbhivdgp\CSC7ED1B382E1B34A8CB5B7A7AC6B33EF99.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cbhivdgp\cbhivdgp.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES70BE.tmp" "c:\Users\Admin\AppData\Local\Temp\qsrj2yx3\CSCCB62D7CBE37145109BD2B724840A1CB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\adqw4sc0\adqw4sc0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E8C.tmp" "c:\Users\Admin\AppData\Local\Temp\bsf1yexl\CSCD54DAA6EA51B4B348E82BB4DB3C0D166.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES730F.tmp" "c:\Users\Admin\AppData\Local\Temp\nr0i3zqm\CSCE0EAC88D9A4D4BF58546D49AD6AE2FF.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nr0i3zqm\nr0i3zqm.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wg2uw05i\wg2uw05i.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES74A4.tmp" "c:\Users\Admin\AppData\Local\Temp\wg2uw05i\CSC3D05EBBA148441E6AE329A51EF3138.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uxcpszpm\uxcpszpm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iqgb0n2f\iqgb0n2f.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7282.tmp" "c:\Users\Admin\AppData\Local\Temp\adqw4sc0\CSC15AECE211E75492F8F9B521868C8DDB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3gfk3d3z\3gfk3d3z.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mgglefr3\mgglefr3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7678.tmp" "c:\Users\Admin\AppData\Local\Temp\uxcpszpm\CSCFBA4E5E3C2B44AF2978284638D66582.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7669.tmp" "c:\Users\Admin\AppData\Local\Temp\iqgb0n2f\CSCDEC05F7C4F2F428FB52F9B03999CEA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7781.tmp" "c:\Users\Admin\AppData\Local\Temp\3gfk3d3z\CSC53382E58938471CA9DA272C93309.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES782D.tmp" "c:\Users\Admin\AppData\Local\Temp\mgglefr3\CSC8A71BC14470A45CF9A219AD635F381D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\upt2z4ss\upt2z4ss.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7B78.tmp" "c:\Users\Admin\AppData\Local\Temp\twapo4xt\CSC429BE1B7108249119B1F6A509EBBFEDD.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\twapo4xt\twapo4xt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES79F2.tmp" "c:\Users\Admin\AppData\Local\Temp\upt2z4ss\CSCAEC094BD1B63494CAA40F058C29C881B.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\urm5rkwm\urm5rkwm.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES79D2.tmp" "c:\Users\Admin\AppData\Local\Temp\varrtdxq\CSCFD1CEF546DFD40EA9EFB3EDB9E86B097.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\varrtdxq\varrtdxq.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y2hap21q\y2hap21q.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wp2o1sqm\wp2o1sqm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7F20.tmp" "c:\Users\Admin\AppData\Local\Temp\urm5rkwm\CSC4C4571C89A6948A2BDE086BAC291191.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8113.tmp" "c:\Users\Admin\AppData\Local\Temp\y2hap21q\CSCAB294B123C7840ACBCF803F649C7795.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hynzhid0\hynzhid0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d4wer1fh\d4wer1fh.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8151.tmp" "c:\Users\Admin\AppData\Local\Temp\wp2o1sqm\CSC3763929FBFB8433C8CF220A1BEED14E3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES841F.tmp" "c:\Users\Admin\AppData\Local\Temp\hynzhid0\CSC2E798176A5344D868547C3B312E7793E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES844E.tmp" "c:\Users\Admin\AppData\Local\Temp\d4wer1fh\CSCDD8BA89A659E4B4195474D71247634BC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dymhgsto\dymhgsto.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES875A.tmp" "c:\Users\Admin\AppData\Local\Temp\dymhgsto\CSCF6D82ABD483B463FB3E3BE42E4652FA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3wan4cgc\3wan4cgc.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uzznqhzj\uzznqhzj.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8AF2.tmp" "c:\Users\Admin\AppData\Local\Temp\3wan4cgc\CSC4C819067603B4FB68E629C90A1AD123D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zwwy2ztd\zwwy2ztd.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8C88.tmp" "c:\Users\Admin\AppData\Local\Temp\uzznqhzj\CSC13D6E18E6059472EBBE0B1F7F6617BFE.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tueceqct\tueceqct.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j4rn1y21\j4rn1y21.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8F17.tmp" "c:\Users\Admin\AppData\Local\Temp\j4rn1y21\CSCA0DDED17A84054B18E95D68D134C86.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9001.tmp" "c:\Users\Admin\AppData\Local\Temp\tueceqct\CSC51718B574FB74800A8C97E2D5BEBADE3.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8E6B.tmp" "c:\Users\Admin\AppData\Local\Temp\zwwy2ztd\CSC8917F366C0A64D6A8C32C488F5ABED5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\125s24oo\125s24oo.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9712.tmp" "c:\Users\Admin\AppData\Local\Temp\125s24oo\CSC14A030258F5542188FB2F67D191743F2.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sucjlnbn\sucjlnbn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9DD6.tmp" "c:\Users\Admin\AppData\Local\Temp\sucjlnbn\CSC8D0FAC6659B4950AC7295F9D7E6AD.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m40v0kip\m40v0kip.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA7F4.tmp" "c:\Users\Admin\AppData\Local\Temp\m40v0kip\CSC4B5D6E38DF39401FAE123C954AA49552.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hsbnnvzw\hsbnnvzw.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE245.tmp" "c:\Users\Admin\AppData\Local\Temp\hsbnnvzw\CSC5BEC749BD449E5914BB1AF69629819.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5bycubuw\5bycubuw.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF8D1.tmp" "c:\Users\Admin\AppData\Local\Temp\5bycubuw\CSC13425E0FFCA4B948514FA5C7CE4D2B8.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| US | 8.8.4.4:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | mediamall098.freedynamicdns.org | udp |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | grounderwarone.rapiddns.ru | udp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
Files
memory/1676-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp
\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
C:\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
memory/1520-59-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
C:\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
C:\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
| MD5 | 36b8c35ac4fdbc041b56e3f82d9d45b6 |
| SHA1 | 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f |
| SHA256 | b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df |
| SHA512 | 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756 |
C:\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
| MD5 | 36b8c35ac4fdbc041b56e3f82d9d45b6 |
| SHA1 | 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f |
| SHA256 | b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df |
| SHA512 | 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756 |
memory/292-85-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
| MD5 | 36b8c35ac4fdbc041b56e3f82d9d45b6 |
| SHA1 | 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f |
| SHA256 | b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df |
| SHA512 | 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756 |
\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
| MD5 | 36b8c35ac4fdbc041b56e3f82d9d45b6 |
| SHA1 | 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f |
| SHA256 | b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df |
| SHA512 | 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756 |
memory/1696-80-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
C:\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
memory/2032-72-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
C:\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
memory/608-66-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
C:\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
C:\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
memory/2032-104-0x0000000001270000-0x0000000001284000-memory.dmp
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
memory/556-110-0x00000000009E0000-0x00000000009F4000-memory.dmp
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsm
| MD5 | 464b5e0428e30047c46c986c4be661f2 |
| SHA1 | a45954016a6ceceb213726f65513cdaa176ec67d |
| SHA256 | 67180f5b16e22e49e67108daf109189e2f7421318c782521ecd2cf9ca1ea9c18 |
| SHA512 | 3ad751d83961299f348f5aa18c55c966588143442eb15aac86ab4489d62f464054346859570198ceacf7aca37f082eaf28c8653eab2eabfa4ef08f04c358f650 |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBm
| MD5 | e5c0019799f496f073178e281d9a4b34 |
| SHA1 | 96bd7d80ff361765119ad19e6b59d9c221a2857a |
| SHA256 | b67735fbbd061e91a12b0ecfa31a7b8dfbd863ee996ea13237208baa6ed9e00d |
| SHA512 | d5804b4d8b5a71363b3d2fc834e1e51091d096cc0115788cd0fc0e55a317f0518142ca3dfa4dadcd6fa7369494468c6c00ca98c167702115fe40975e5d4e508b |
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOm
| MD5 | 31eaa2a0f9b2613938e7e6fa761f2437 |
| SHA1 | 8bd6597e316a831088875b7101bceb4773ce8c40 |
| SHA256 | b5fd61376434069e9331e05a733aeaa3a247c3edb03e2bac58da81a45a47a7f0 |
| SHA512 | e980519b3ac4f240f85748385dae2a9b9651a8ecdb14fdbb02966077da12b391950e29ca06d8b214bd97ac0be5bfb3dc6ef38942843b997d0c518191304ef9f3 |
memory/1600-118-0x0000000000000000-mapping.dmp
memory/1676-119-0x0000000000300000-0x000000000030D000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.cmdline
| MD5 | a0b264b7c4b0815085a812e1fcf647bc |
| SHA1 | 4997e8a496a893d33502687cc5e5b4d4c28c79c1 |
| SHA256 | 6951dfd6b330b82c8b3273f0a3d78521b61c09326e46df6a8c651c81b1430a8c |
| SHA512 | ae2c5343c5e887fb660754ad6e059abe736a2861ac880c091e6ea019c5d558d26e2705ad2a2b19e36cf1922e48c6d9b0317c80b2b67e6d9d6255b7abe0c16323 |
\??\c:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.0.cs
| MD5 | de6b3732b71cffe5641e0d0338205287 |
| SHA1 | 200584859e4d4501955d2068012558c2cf6f69a1 |
| SHA256 | b2d38110ac05ca0cf9afaa30a0f30fabe45c4dc881309475fec0a866a1b57d93 |
| SHA512 | 51ca802fcd34f72c00877c26a89723425eaf944b945e01f19e534984ada562f75dc523f06c8c0ff1101d7b327e8fcda6e6cd1895529e42770cffd8b5a7d3dcb8 |
\??\c:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.0.cs
| MD5 | dda634ae6683c71e4e2a424b76a04f41 |
| SHA1 | 0bb0a90cf29d79472add4b8cbcb2ab3ab71d2ebc |
| SHA256 | 5f3f6bc620ae0b56975bd24adb3137984b0524c7706fcda6ad67b0cea17aea21 |
| SHA512 | 4d2657fec0de803affd1c44e912f41048419cbab4abe764b3ae412ccd3585a81fb470bb970aaff20dcb643fa6baf449c40ae8ae21444c6013c8d3e7c2509ca7a |
\??\c:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.0.cs
| MD5 | 22e401264feacf15cfebfbf79ad1e993 |
| SHA1 | cd24f47a0e96d8e48ecce264a03837eebeff4cbb |
| SHA256 | 36f5995dde798b429f6bf2915f1159c55a1adc26552a63cc6971c61fc5fe8ef4 |
| SHA512 | 8cc76ed9d3b30403acb25d1303699f2965e59b2556878a33ee9a5ea0ad69f1ff05757d75a70160d7b29dd1095cee7e9808495eaf882b003dcd4e1b8ee0952a1f |
\??\c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.0.cs
| MD5 | 314f7940dcb145914613d3c72b93db66 |
| SHA1 | a59e6a9c5ded6ece177e49d1e2f388f723f23620 |
| SHA256 | 3c81cb2dfe04b19917f8221dd8302314ba4d5ddeebbd335103140d918d77936a |
| SHA512 | 96b617dc4df3fc13be2cc7197e34079a02fa8d21e9bbc161e375944a1f3e8bbb76c8785604da531d6def7a457bdff44fcedd77102114b309ff7a27ee2d0a0e6d |
\??\c:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.cmdline
| MD5 | db0c18cb36013e697ab59e53fcf148eb |
| SHA1 | 731afba6f7354bdc69c82c886b4b33ded9f180f7 |
| SHA256 | e2030f7d067a28bcdbfbbe9b04bc0df581adb2da341476e887493e5bec307e2a |
| SHA512 | 1f874e25caa22ba403d5ef552fd96f0577bab1f8fd9bf3980d3d3c0473aa70303b39295bbdbbdfa2519d3e38bf2b616a5792e283ed4d7effbe24cdc3822144d3 |
\??\c:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.cmdline
| MD5 | 06ce0a86af77628cfe33e1f8b5ca6ddb |
| SHA1 | 7b0fe818f1bffff089fa605ba002563a770a74dd |
| SHA256 | e1323e3ea2abeb1bf1415939db98a775aa434c37ae790df05efe8e6b599efdfa |
| SHA512 | 2f2a1a005be505392b3d8831448b96b1270ec74765bd831b15de00deae34e49cc99b027c03aba6c699854b4a94f326ab1014b6b5c17aebe6cde9d3caaef42ae5 |
\??\c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.cmdline
| MD5 | 071b1290051e412de617ae08d13995cd |
| SHA1 | 2b0d4dde87ee921eb74bcb8cea4cb284dee2d524 |
| SHA256 | 5c585e7700a7dc364d3c39073cf305bb6234ff811a2d5d08e51d564afe074649 |
| SHA512 | e3c2011ab47331de0fee73ff98271c14c357368b41cf080ccac700478c3a033201f0c026f76ed540731099e066285fd49d7a2d8237ad86e8237cb6c59a3d17cd |
memory/1428-117-0x0000000000000000-mapping.dmp
memory/888-128-0x000000000040DC4E-mapping.dmp
memory/1948-116-0x0000000000000000-mapping.dmp
memory/2016-115-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYm
| MD5 | 3a24b49023c9a54bdb25171475489445 |
| SHA1 | 3e9a1bad0eea419c1427c4490f46ec185f9c2508 |
| SHA256 | a99fc163b86858519606951a13af776edc1bf7693fc8f0b5c7c4ec840c5f6414 |
| SHA512 | 19fddbc47a8a417ece8529b5d016ec77e459d7f02bddb5e718085ee5a463b16823266aa7a90d805222565c9c69ed982524323f4b1ead75eff2b3a20bbce217cf |
memory/556-107-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
memory/1728-103-0x0000000000220000-0x0000000000234000-memory.dmp
memory/292-102-0x0000000000CD0000-0x0000000000CE4000-memory.dmp
memory/892-97-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
C:\Users\Admin\AppData\Local\Temp\RES386F.tmp
| MD5 | f70cf495c18e1024ac0d399215f7ccdb |
| SHA1 | 92b2205374cc5bfd361e0a4a2d8ba3e460276871 |
| SHA256 | bf406aa4b060c46ade3cd5b8facec780fe7287876fa09de44cf2599d6faa5828 |
| SHA512 | c57413d1516b3ba511c8dfb89a35ce6f5c7a91159d171cb61473b94235f13447427ce8454e9e7afc92f4116ba6ebbfe10ddb2b9055eb241df947e6c6905c3644 |
C:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.dll
| MD5 | 3d230589416b71d7ab1f7de472c720b9 |
| SHA1 | 4ba0e772e52043995d9a0b33bc247cca05e90e06 |
| SHA256 | 17f68561bf89792a42ac3c70036e867d8137b7efdf0c772f88ab2a8e4bb9020a |
| SHA512 | 03c23217c9ba2a869dfa9ed77aa2a06e7deadd00767bc498a311688053e059c770881fed5d6c24992a46234ec0082e42704ace651ca6f65c958832f3a826fad2 |
memory/1676-154-0x00000000008A0000-0x00000000008AD000-memory.dmp
memory/556-162-0x0000000000930000-0x0000000000990000-memory.dmp
memory/2032-161-0x0000000000770000-0x0000000000814000-memory.dmp
memory/1728-160-0x0000000000670000-0x00000000006A0000-memory.dmp
memory/888-163-0x00000000712B0000-0x000000007185B000-memory.dmp
memory/268-159-0x0000000000000000-mapping.dmp
memory/292-158-0x0000000000610000-0x000000000064E000-memory.dmp
memory/768-157-0x0000000000000000-mapping.dmp
memory/1760-156-0x0000000000000000-mapping.dmp
memory/988-155-0x0000000000000000-mapping.dmp
memory/1608-153-0x0000000000000000-mapping.dmp
memory/608-152-0x0000000000000000-mapping.dmp
memory/1216-151-0x0000000000000000-mapping.dmp
memory/816-150-0x0000000000000000-mapping.dmp
memory/556-149-0x0000000000560000-0x00000000005C0000-memory.dmp
memory/292-148-0x0000000000200000-0x000000000023E000-memory.dmp
memory/2032-147-0x00000000005B0000-0x0000000000654000-memory.dmp
memory/1728-146-0x0000000000640000-0x0000000000670000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.dll
| MD5 | 02303df3c56e4538a5ccb5651d122af6 |
| SHA1 | a1fde88c1816dd1599fb5ed70b777cd941669185 |
| SHA256 | 1169b14532ad86dc3c1fe4cabe6066f7e9393f5f8ebd639a0e690fc77fc8a83c |
| SHA512 | 5ae6d931d21170dd32fff48291617aaebfad3c18f6fcf9e531fa8014fc535a00e154cec672cfc37d8366dc13b19bd24deb02c3d42b3b6d808ac18824627f3fe4 |
C:\Users\Admin\AppData\Local\Temp\RES3881.tmp
| MD5 | d57de7fe0207347504688d4df48d054e |
| SHA1 | 44fa237c32da8eaec023a3e93d3b13c5df5552a0 |
| SHA256 | ccace2587d67805036cd9db1b275fb839818561c49b28fb9cccc226b33d6ae7c |
| SHA512 | c6947c63234e5d21820fdbfa46ec8ab077dcff9bcbb51e88bee432287a61c0dd252ce51eb4184beb90c0f362ece28e946e2381385649d1f3adad9c3bb51272af |
C:\Users\Admin\AppData\Local\Temp\RES387F.tmp
| MD5 | 88a0e0448f6cbda4e6e17fd280781f53 |
| SHA1 | cee14073259a52fe566c747f88966b6b2ba7fcce |
| SHA256 | 4a4db62c72b10a919ac580c6c359e86e4f4393184a952586008db97a68984cf2 |
| SHA512 | f86dddae7b67f33ce5d2bd92a4964e5c36d376a045aea6c451ee375b653f0e77312b60643fde21afd60796ecf021d3b2c76a130365ea500361f9ef582c21599a |
\??\c:\Users\Admin\AppData\Local\Temp\q5qh104c\CSC924F9C24A2CF4A8A86AA65A63969C8.TMP
| MD5 | 5090a6eb5d5791cb4c385278d0d7f929 |
| SHA1 | 53f14eb4b7845154ba9e4c29326172ef51c5e061 |
| SHA256 | ec3914ab0b677d06727dd9a63e087b90a929c577797682c6cfa8f89a7ce7de92 |
| SHA512 | 7cdc217a3ede8b23522394c9ee181c188677be6124dfcd4fe48193930e42338e0fa77651dc292897c54eaf30eb2f217ff43a3c8f238eb86bbe13b584fa87a5c0 |
\??\c:\Users\Admin\AppData\Local\Temp\5r5glz2i\CSC15C52E756689490C90739BDDFB3042B4.TMP
| MD5 | 3e2f2255a1dc653f07a69dd3533b39ec |
| SHA1 | df239006c6ec43c25a5a8c6dc8579c16ce8169e8 |
| SHA256 | 616573e56347f2fa11a1aed79ff3d9605bd1daa0d6cb5a38c36e5ab2f0eb4e24 |
| SHA512 | b4fbf3c674e61cd716ea6b91d4d75a3e4cf8119676ec776e232330f8cf3515c0ad8d39ae65fba03491c0a9cbf3a4a28a904135f8101288a8fe5af212e6175bea |
C:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.dll
| MD5 | c24331bcfc8bae95d029aadd1c7a5731 |
| SHA1 | 247aa626158a86aec6fd448b6b9f17dc03715188 |
| SHA256 | a938de240e0909b12b3ecf1ec1a134b69ccc56e419ee80d001292c72568493b7 |
| SHA512 | d1131feef5fedf86ee76691659c5bb3d9964d0a539554977cb9dcaf0f79b879d909cd68b5410d356a6cf14395aea25bcfb7d0d6503ab98b2d96dbf12cf6918b3 |
C:\Users\Admin\AppData\Local\Temp\RES3880.tmp
| MD5 | 52c15f47ad7c9668d1279cbfeee847e9 |
| SHA1 | 0a6b296a4c3d6482c36b6b57a49b36641311164b |
| SHA256 | 044fe595216d57b2899730aa1ccebb9463c0634710c65eada433b14a05df3849 |
| SHA512 | 516e5af2f917e1ca82720e86714b3e891aceee1deaf900304e2d681288dacdc3db1cdf11ae8eccbeafad985c923c187075b8056d392e9f380fe00a06530f1bc0 |
C:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.dll
| MD5 | f0dc8e0edb8343d769265e5a737464e6 |
| SHA1 | 04b7b75a0369e799cdf3eec340d258709b14a00d |
| SHA256 | 8a0ad44119bc9574896bbd4b056e753e265afb6f34491906af0dd21fefb437a4 |
| SHA512 | 6bc2ea9bb64850c693eafa59e5d23dd9400cd1f6d271f9a1f302f73834b1b848a3d52c690b5e8cb0291fe5eb6bb0e494735dfd1835dffdbed159e7cb01ff3c68 |
\??\c:\Users\Admin\AppData\Local\Temp\zutfxp54\CSCCCD56D6EC80E4CBD8F4956BD50625331.TMP
| MD5 | 4ff554d175469c033822c589e889c9b6 |
| SHA1 | 442a1c0ec1c0fbe9343f085f699401ef316b0f58 |
| SHA256 | e8116f16a9ad2e8186f0115f60a5979ec43999a3b6e5e3b882872141fee31019 |
| SHA512 | 9b2a144114307c41e1b4d06c415f9175492c129a776fca418dfa5faaffddfcdb66a1fc3dfc32fa9cce5a08c8c6cce1d2ffd6df4b4029f6c2de9884e23b1eb681 |
\??\c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\CSCB18C683354CA4D239C8E508BF2CFF4.TMP
| MD5 | ce97eb0574f4259c6f8077bf228d35db |
| SHA1 | dfc455c88b2d018bc1786c3effbdbf4d0d7eeb1c |
| SHA256 | 809becc7dbbe430211519798961121d3e33b5fdf1f6b18b837f693a4e504b0b1 |
| SHA512 | 0659d26c7f204bf313072ac96ca1b57abf23b3f42493684a13ed8758f466129a1bb30b5e9a954fdd472129fb230bc5bfbe8548489744147e9a058a7c8a5152e4 |
memory/1588-133-0x0000000000000000-mapping.dmp
memory/1564-132-0x0000000000000000-mapping.dmp
memory/1980-131-0x0000000000000000-mapping.dmp
memory/1596-130-0x0000000000000000-mapping.dmp
\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
memory/1728-92-0x0000000000000000-mapping.dmp
memory/1728-164-0x00000000003E0000-0x00000000003F6000-memory.dmp
memory/2032-167-0x0000000000560000-0x00000000005A2000-memory.dmp
memory/1044-172-0x0000000000408D6E-mapping.dmp
memory/1088-176-0x000000000040DC4E-mapping.dmp
memory/860-174-0x000000000040586A-mapping.dmp
memory/1700-175-0x000000000041E792-mapping.dmp
memory/1088-180-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1044-173-0x0000000000400000-0x000000000040C000-memory.dmp
memory/1700-181-0x0000000000400000-0x0000000000438000-memory.dmp
memory/556-168-0x0000000000400000-0x0000000000428000-memory.dmp
memory/860-183-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1728-182-0x0000000000620000-0x0000000000623000-memory.dmp
memory/292-165-0x0000000000250000-0x000000000026A000-memory.dmp
memory/1700-184-0x0000000000470000-0x000000000047A000-memory.dmp
memory/1700-185-0x0000000000480000-0x000000000049E000-memory.dmp
memory/1700-186-0x00000000005A0000-0x00000000005AA000-memory.dmp
memory/1808-195-0x0000000000360000-0x0000000000390000-memory.dmp
memory/1216-198-0x0000000000000000-mapping.dmp
memory/920-200-0x0000000000000000-mapping.dmp
memory/1596-205-0x0000000000000000-mapping.dmp
memory/664-207-0x00000000005F0000-0x000000000062E000-memory.dmp
memory/1592-211-0x0000000000408D6E-mapping.dmp
memory/1112-216-0x0000000000000000-mapping.dmp
memory/1628-213-0x0000000000D40000-0x0000000000DE4000-memory.dmp
memory/1628-220-0x00000000011C0000-0x0000000001264000-memory.dmp
memory/1888-225-0x000000000041E792-mapping.dmp
memory/2004-224-0x000000000040586A-mapping.dmp
memory/1628-222-0x0000000000910000-0x0000000000952000-memory.dmp
memory/268-228-0x0000000000000000-mapping.dmp
memory/1200-230-0x0000000000000000-mapping.dmp
memory/1056-229-0x0000000000000000-mapping.dmp
memory/2016-232-0x0000000000000000-mapping.dmp
memory/268-233-0x0000000000240000-0x0000000000270000-memory.dmp
memory/1404-237-0x0000000000000000-mapping.dmp
memory/2004-239-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2024-238-0x0000000000000000-mapping.dmp
memory/268-241-0x0000000000510000-0x0000000000540000-memory.dmp
memory/268-242-0x0000000000210000-0x0000000000226000-memory.dmp
memory/984-244-0x0000000000408D6E-mapping.dmp
memory/1200-245-0x0000000000890000-0x00000000008CE000-memory.dmp
memory/2024-248-0x0000000000290000-0x00000000002F0000-memory.dmp
memory/1404-251-0x0000000004970000-0x0000000004A14000-memory.dmp
memory/2024-250-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/1404-246-0x0000000001180000-0x0000000001224000-memory.dmp
memory/1720-254-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1820-240-0x0000000000000000-mapping.dmp
memory/1200-236-0x0000000000680000-0x00000000006BE000-memory.dmp
memory/1696-235-0x0000000000000000-mapping.dmp
memory/1212-234-0x0000000000000000-mapping.dmp
memory/760-231-0x0000000000000000-mapping.dmp
memory/1760-219-0x00000000006A0000-0x0000000000700000-memory.dmp
memory/1748-217-0x0000000000000000-mapping.dmp
memory/1636-218-0x0000000000000000-mapping.dmp
memory/1680-214-0x0000000000000000-mapping.dmp
memory/1192-212-0x000000000040DC4E-mapping.dmp
memory/1760-208-0x00000000005C0000-0x0000000000620000-memory.dmp
memory/1808-206-0x00000000003B0000-0x00000000003E0000-memory.dmp
memory/1700-204-0x0000000004D45000-0x0000000004D56000-memory.dmp
memory/984-203-0x0000000000000000-mapping.dmp
memory/892-201-0x0000000000000000-mapping.dmp
memory/1936-202-0x0000000000000000-mapping.dmp
memory/1960-199-0x0000000000000000-mapping.dmp
memory/652-197-0x0000000000000000-mapping.dmp
memory/664-196-0x00000000005B0000-0x00000000005EE000-memory.dmp
memory/768-193-0x0000000000000000-mapping.dmp
memory/1760-194-0x0000000000000000-mapping.dmp
memory/1628-192-0x0000000000000000-mapping.dmp
memory/1708-191-0x0000000000000000-mapping.dmp
memory/1540-190-0x0000000000000000-mapping.dmp
memory/844-189-0x0000000000000000-mapping.dmp
memory/664-188-0x0000000000000000-mapping.dmp
memory/1808-187-0x0000000000000000-mapping.dmp
memory/888-255-0x00000000712B0000-0x000000007185B000-memory.dmp
memory/860-258-0x0000000000400000-0x000000000041D000-memory.dmp
memory/480-260-0x0000000001170000-0x0000000001214000-memory.dmp
memory/1708-262-0x00000000004A0000-0x00000000004D0000-memory.dmp
memory/2016-261-0x00000000003D0000-0x0000000000430000-memory.dmp
memory/1244-259-0x0000000000960000-0x000000000099E000-memory.dmp
memory/1244-263-0x00000000009A0000-0x00000000009DE000-memory.dmp
memory/480-265-0x0000000004970000-0x0000000004A14000-memory.dmp
memory/1708-269-0x00000000004D0000-0x0000000000500000-memory.dmp
memory/2016-270-0x00000000005A0000-0x0000000000600000-memory.dmp
memory/596-274-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1408-275-0x0000000000900000-0x000000000093E000-memory.dmp
memory/1980-276-0x0000000001020000-0x00000000010C4000-memory.dmp
memory/1408-277-0x00000000009E0000-0x0000000000A1E000-memory.dmp
memory/1980-280-0x00000000010C0000-0x0000000001164000-memory.dmp
memory/1192-281-0x00000000002B0000-0x00000000002E0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-31 07:08
Reported
2022-07-31 10:04
Platform
win10v2004-20220721-en
Max time kernel
155s
Max time network
211s
Command Line
Signatures
LimeRAT
NanoCore
WarzoneRat, AveMaria
njRAT/Bladabindi
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Conhost.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.url | C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4064 set thread context of 2384 | N/A | C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Enumerates physical storage devices
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe
"C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe"
C:\Users\Admin\AppData\Local\Temp\Firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Firefox.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe 1
C:\Users\Admin\AppData\Local\Temp\vest.exe
"C:\Users\Admin\AppData\Local\Temp\vest.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe 1
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe 1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe 1
C:\Users\Admin\AppData\Local\Temp\peggym.exe
"C:\Users\Admin\AppData\Local\Temp\peggym.exe"
C:\Users\Admin\AppData\Local\Temp\mediamall.exe
"C:\Users\Admin\AppData\Local\Temp\mediamall.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF184.tmp" "c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\CSCBF72C7957F5448C0BF7155DD2D3F9D78.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF406.tmp" "c:\Users\Admin\AppData\Local\Temp\vmxwxss3\CSCE8969110A474D6FB9301BB589568DD.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF50E.tmp" "c:\Users\Admin\AppData\Local\Temp\gltpphw5\CSC684DC0A9301240B0A8D0E4BB79D23CD3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF4C0.tmp" "c:\Users\Admin\AppData\Local\Temp\xhirshi5\CSC6758330FA11540DBB958A837CF45E88.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ff2se3bl\ff2se3bl.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDD8.tmp" "c:\Users\Admin\AppData\Local\Temp\ff2se3bl\CSCDC509340B9BA40D0B853A85560F025C6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDC9.tmp" "c:\Users\Admin\AppData\Local\Temp\uwhp1yml\CSC5E3D40F940C7435DB1983158A5F29A99.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uwhp1yml\uwhp1yml.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vlgpnwrx\vlgpnwrx.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1C0.tmp" "c:\Users\Admin\AppData\Local\Temp\oegfmztt\CSCC4D6349E897490397BB7434E3C04192.TMP"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D0.tmp" "c:\Users\Admin\AppData\Local\Temp\ws1izuhe\CSC4FAC4FE0E85B4557ABEEE21A6754A763.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5nikjdbu\5nikjdbu.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES29B.tmp" "c:\Users\Admin\AppData\Local\Temp\vlgpnwrx\CSCD0816885D06A440696653634C76AE453.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ws1izuhe\ws1izuhe.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\oegfmztt\oegfmztt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF405.tmp" "c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\CSC499F2B105E284277ABA80A0766D2A61.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cfrx51w5\cfrx51w5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES904.tmp" "c:\Users\Admin\AppData\Local\Temp\cfrx51w5\CSC974D247BC3AE4485ADA14137B2D3640.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8D5.tmp" "c:\Users\Admin\AppData\Local\Temp\sgkurltt\CSC2C6B9731499D41A8B479C39F4C29652E.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sgkurltt\sgkurltt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2BA.tmp" "c:\Users\Admin\AppData\Local\Temp\5nikjdbu\CSCEBF138DA1AC54F10843ED10CF97C3B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF185.tmp" "c:\Users\Admin\AppData\Local\Temp\ubf3koi2\CSC74F450682ED44C19B164327F8C413AE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF126.tmp" "c:\Users\Admin\AppData\Local\Temp\cgd0huxz\CSCD87621FA32694A48876A4BEF7CC01BB3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF186.tmp" "c:\Users\Admin\AppData\Local\Temp\vck1k0sx\CSCC8E36BD8FF5248828336A51174D69796.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1151.tmp" "c:\Users\Admin\AppData\Local\Temp\y4q22dz5\CSCD862391C8D8647BD877AE7CEFA43AD.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1141.tmp" "c:\Users\Admin\AppData\Local\Temp\bzcdthsr\CSC86ED9A4534A14ACE8A47B31D4D2C6C8A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES14CB.tmp" "c:\Users\Admin\AppData\Local\Temp\h2qkyd51\CSCC25E3A4FD28745DC9C5147A4F3831BDA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1613.tmp" "c:\Users\Admin\AppData\Local\Temp\hsgxkbl5\CSCC7865E7BEF7140178AA7A1498AF7F9B8.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES150A.tmp" "c:\Users\Admin\AppData\Local\Temp\1mimcnv3\CSCD419AF8AE5B44480B467EDCC5E25DEB6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES16BF.tmp" "c:\Users\Admin\AppData\Local\Temp\wa5zxzwr\CSCCCB57355B475464D83E6959A17347EEA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hsgxkbl5\hsgxkbl5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wa5zxzwr\wa5zxzwr.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES144E.tmp" "c:\Users\Admin\AppData\Local\Temp\dczngakj\CSCD8D4021E444E410698D84E28BF69A329.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES141F.tmp" "c:\Users\Admin\AppData\Local\Temp\yqd1mnj3\CSC611DE80769254F50A0CE9F42883DCC6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1mimcnv3\1mimcnv3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\h2qkyd51\h2qkyd51.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yqd1mnj3\yqd1mnj3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dczngakj\dczngakj.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B93.tmp" "c:\Users\Admin\AppData\Local\Temp\lnxcxaha\CSC48FD1E9ED78648818E0FEFEDBB8DEE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B92.tmp" "c:\Users\Admin\AppData\Local\Temp\1yqwk213\CSC875ACFC362D3454EB0B044AA7C516E8D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lnxcxaha\lnxcxaha.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BEF.tmp" "c:\Users\Admin\AppData\Local\Temp\g50uuyt1\CSC78DDEBD67B39439585D6B05618B32C45.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g50uuyt1\g50uuyt1.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1yqwk213\1yqwk213.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bzcdthsr\bzcdthsr.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y4q22dz5\y4q22dz5.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sfdek5o1\sfdek5o1.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EBA.tmp" "c:\Users\Admin\AppData\Local\Temp\wncgvkjb\CSC9BC6410C973548F6A12E81799D48E5DA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EC9.tmp" "c:\Users\Admin\AppData\Local\Temp\iutoenbq\CSC16C5162A6D5E4925B88F9E03A4CDEB5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iutoenbq\iutoenbq.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wncgvkjb\wncgvkjb.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F65.tmp" "c:\Users\Admin\AppData\Local\Temp\sfdek5o1\CSCA1E581BE54484C9E9AC3D626070BC90.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sz5rvh4l\sz5rvh4l.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4513.tmp" "c:\Users\Admin\AppData\Local\Temp\sz5rvh4l\CSCFD0F3A15CBFF495BB445B96DD21954E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES44F3.tmp" "c:\Users\Admin\AppData\Local\Temp\exm301ao\CSCEE68B886F19343C0ACF88CF8C728925B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\irq4kcnr\irq4kcnr.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\e4gm5x4k\e4gm5x4k.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\exm301ao\exm301ao.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46B8.tmp" "c:\Users\Admin\AppData\Local\Temp\l3dachvp\CSC54EA1C5486FA408AAC7426DAA6DED49E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qldn0ynv\qldn0ynv.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qmoc4cp0\qmoc4cp0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES462C.tmp" "c:\Users\Admin\AppData\Local\Temp\irq4kcnr\CSC48606337A57042DEA95690F7DAC85A25.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qbbqc5ts\qbbqc5ts.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l3dachvp\l3dachvp.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES45AF.tmp" "c:\Users\Admin\AppData\Local\Temp\e4gm5x4k\CSC7D93EF4FF355466D871B275707E6E63.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4B1D.tmp" "c:\Users\Admin\AppData\Local\Temp\qbbqc5ts\CSCAB556854FB0D4FF28CEC2A7E862CD64A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4CC3.tmp" "c:\Users\Admin\AppData\Local\Temp\qldn0ynv\CSC6F0E283B3862461E899F9085CC3F3AC2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mm1csj2x\mm1csj2x.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\swhxsjlj\swhxsjlj.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES509C.tmp" "c:\Users\Admin\AppData\Local\Temp\swhxsjlj\CSC7521B849E8204F80A27597E17F392D8.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w3k5oh5f\w3k5oh5f.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vcmsfqar\vcmsfqar.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4gbl5bfq\4gbl5bfq.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5242.tmp" "c:\Users\Admin\AppData\Local\Temp\mhz5uirw\CSCE099E71522E54D73917636FA8F186D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5251.tmp" "c:\Users\Admin\AppData\Local\Temp\vcmsfqar\CSC6701DC44B27C46F2B499CECEE05DBDC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mhz5uirw\mhz5uirw.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES52BF.tmp" "c:\Users\Admin\AppData\Local\Temp\4gbl5bfq\CSC5FF853BC85254703B7E7473D24A6E2C8.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iqcx4vt4\iqcx4vt4.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES54F1.tmp" "c:\Users\Admin\AppData\Local\Temp\iqcx4vt4\CSC87C4110C33414A7C88A0ECD614174C1F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\emofsb40\emofsb40.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hkty2our\hkty2our.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES586C.tmp" "c:\Users\Admin\AppData\Local\Temp\hkty2our\CSC811912DF49AC43298B14C4336F0364A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES584C.tmp" "c:\Users\Admin\AppData\Local\Temp\emofsb40\CSC8765B179784A423E8747A2CDD0C1E3B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sw3rjnuy\sw3rjnuy.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5995.tmp" "c:\Users\Admin\AppData\Local\Temp\3fe1hhda\CSCFD8902802873466FA76D408ABFE447.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES59B4.tmp" "c:\Users\Admin\AppData\Local\Temp\52hib1sr\CSC4B1525E3C04E4ABEB3A57278BBA07EF7.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\epfn214h\epfn214h.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5B5A.tmp" "c:\Users\Admin\AppData\Local\Temp\wdpe2d0e\CSC77B8CBCB843344D6BFB828F3BB49A90.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5C73.tmp" "c:\Users\Admin\AppData\Local\Temp\epfn214h\CSC5B0C0FEB52B14F2A839980F6E0B2E04A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yctcp2ll\yctcp2ll.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5D6D.tmp" "c:\Users\Admin\AppData\Local\Temp\yctcp2ll\CSC4CBC8E507DF4660949AC76E8F661FB5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gstcszz3\gstcszz3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5lx1dipk\5lx1dipk.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0dxyrt3d\0dxyrt3d.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5F71.tmp" "c:\Users\Admin\AppData\Local\Temp\0dxyrt3d\CSCA62E7ED337A64AF8A4DFAAD98B2BA4F2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5E28.tmp" "c:\Users\Admin\AppData\Local\Temp\gstcszz3\CSCC04A7F67B1F44B42AB4A253154C3061.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\o5sqagmm\o5sqagmm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES607A.tmp" "c:\Users\Admin\AppData\Local\Temp\5lx1dipk\CSCF2F0A3847221486BB39A6E8D2B95C43.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES629D.tmp" "c:\Users\Admin\AppData\Local\Temp\j2pkesnj\CSCDA6E0A17E39045758190EC8C37AAA85D.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6155.tmp" "c:\Users\Admin\AppData\Local\Temp\o5sqagmm\CSC3D8910956C84C59AA4B29CE78B3797.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j2pkesnj\j2pkesnj.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6107.tmp" "c:\Users\Admin\AppData\Local\Temp\gjoiqmvs\CSCD5411E29BFE4CF891CFFE3660B19195.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gjoiqmvs\gjoiqmvs.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\itovzfex\itovzfex.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dfpbbixm\dfpbbixm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES655C.tmp" "c:\Users\Admin\AppData\Local\Temp\zn41zuvp\CSC9DCD4ED454174971B7E14D51E859C391.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6618.tmp" "c:\Users\Admin\AppData\Local\Temp\itovzfex\CSC3E4DA321705A4A0AB9FE1E76216F596.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bqkigct0\bqkigct0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5dn2jup2\5dn2jup2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES680C.tmp" "c:\Users\Admin\AppData\Local\Temp\bqkigct0\CSC8D22055D54A14468A7A0D4D9979DA6CE.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1h2rjqcm\1h2rjqcm.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6B19.tmp" "c:\Users\Admin\AppData\Local\Temp\fkzjlxs3\CSC807CF6D693B84248AAA65AECEA225E4E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aejfhdew\aejfhdew.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6BB5.tmp" "c:\Users\Admin\AppData\Local\Temp\1h2rjqcm\CSC5717F8DCA44C493AA6F35CE1DE3D66FB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CCE.tmp" "c:\Users\Admin\AppData\Local\Temp\l4hrserd\CSCF972E3247834413EA9D8D9B0CD2B41FF.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hsobzxge\hsobzxge.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6C23.tmp" "c:\Users\Admin\AppData\Local\Temp\aejfhdew\CSCDF371B5C35C14024BDC171C364C7C92D.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l4hrserd\l4hrserd.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6DD8.tmp" "c:\Users\Admin\AppData\Local\Temp\hsobzxge\CSC7CD82CFEBB0406197659FE55C6D9E80.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F9D.tmp" "c:\Users\Admin\AppData\Local\Temp\gjxsvypg\CSC2B5CB804639B4D6DB4F5C1B27C793B6.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7088.tmp" "c:\Users\Admin\AppData\Local\Temp\domlhds2\CSC1A3B30D897A40F7B0DC262247BC98E1.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES702A.tmp" "c:\Users\Admin\AppData\Local\Temp\xwsjqioc\CSCD4B5873F2B32453F894BCBC3A034B258.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\domlhds2\domlhds2.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xwsjqioc\xwsjqioc.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\c4iocfii\c4iocfii.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7395.tmp" "c:\Users\Admin\AppData\Local\Temp\2ysksv1m\CSC3BFC4ED7DD18416486BE33B5B4736D3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES73E3.tmp" "c:\Users\Admin\AppData\Local\Temp\c4iocfii\CSCC03974647A2143E7B7C93D163D8F686.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2ysksv1m\2ysksv1m.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\00haetur\00haetur.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES75A8.tmp" "c:\Users\Admin\AppData\Local\Temp\00haetur\CSCE48859E3A9AD4839B7B8D8A7F7C99FE5.TMP"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES76D1.tmp" "c:\Users\Admin\AppData\Local\Temp\fya21kak\CSCF5B596A0B4814454B78664FC5EF27F82.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES772F.tmp" "c:\Users\Admin\AppData\Local\Temp\nogtsrjh\CSC432EBFD486DD47388B4B81FF74B0869.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES776D.tmp" "c:\Users\Admin\AppData\Local\Temp\zex5ngbm\CSC982D720DB55F4203B4C4BDE07825973.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fya21kak\fya21kak.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nogtsrjh\nogtsrjh.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zex5ngbm\zex5ngbm.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gjxsvypg\gjxsvypg.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fkzjlxs3\fkzjlxs3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES69B2.tmp" "c:\Users\Admin\AppData\Local\Temp\5dn2jup2\CSC48CFA4A89C254C8997183CE73E8CC5B.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES658B.tmp" "c:\Users\Admin\AppData\Local\Temp\dfpbbixm\CSCC07F81E0BA4D487F8CB38EF18D68432A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zn41zuvp\zn41zuvp.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5A40.tmp" "c:\Users\Admin\AppData\Local\Temp\sw3rjnuy\CSCD15761458C8049D3B0DAFEC49C3DA13F.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wdpe2d0e\wdpe2d0e.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\52hib1sr\52hib1sr.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3fe1hhda\3fe1hhda.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES553F.tmp" "c:\Users\Admin\AppData\Local\Temp\zrivjgft\CSCF4B1E01FA30E454284B85E8882276C9D.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zrivjgft\zrivjgft.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES52AF.tmp" "c:\Users\Admin\AppData\Local\Temp\w3k5oh5f\CSC730B410454944B4E88BB5036E42AB70.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES50DA.tmp" "c:\Users\Admin\AppData\Local\Temp\mm1csj2x\CSC36D1DE1D30C245CEAF32E4AA78A2271.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4B9A.tmp" "c:\Users\Admin\AppData\Local\Temp\qmoc4cp0\CSC782EA49843A04DA5AF8D951F393795BD.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n20ypzb5\n20ypzb5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q3wu1ove\q3wu1ove.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i0y00q34\i0y00q34.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lp4totxq\lp4totxq.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB3CA.tmp" "c:\Users\Admin\AppData\Local\Temp\n20ypzb5\CSC83E4E8CFD6845AD9482B4BF1ACEB9FA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB4C4.tmp" "c:\Users\Admin\AppData\Local\Temp\lp4totxq\CSC88BB81C5680C47399991F47F5E6040B2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB551.tmp" "c:\Users\Admin\AppData\Local\Temp\i0y00q34\CSCA0284E1315004EA1AFF53E78EA1074F2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ionpxddq\ionpxddq.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB4E4.tmp" "c:\Users\Admin\AppData\Local\Temp\q3wu1ove\CSC8DFA427776E04DA692EE34F578A547EB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB810.tmp" "c:\Users\Admin\AppData\Local\Temp\ionpxddq\CSC464146FB32D49898FB093445543FFFB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\muebynch\muebynch.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bb42vxf3\bb42vxf3.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBB9A.tmp" "c:\Users\Admin\AppData\Local\Temp\muebynch\CSC36F5FC0F61FB4809AE4F96BBBE9DA4FE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBBD9.tmp" "c:\Users\Admin\AppData\Local\Temp\bb42vxf3\CSCB3E97CB9A0324EF690563822401BC99E.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kf0qn0a5\kf0qn0a5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d2evy3tq\d2evy3tq.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cmcw20ev\cmcw20ev.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD9E.tmp" "c:\Users\Admin\AppData\Local\Temp\d2evy3tq\CSCC8EE32A7F9B44C5586A3F917343E34E.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\a1123r3p\a1123r3p.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD8E.tmp" "c:\Users\Admin\AppData\Local\Temp\kf0qn0a5\CSC104FF1FDA3B3463B9EF1ED4D3FE07.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rjaiosq3\rjaiosq3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBF73.tmp" "c:\Users\Admin\AppData\Local\Temp\a1123r3p\CSCE485374BDF274244BD2818B7F010EA5B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBDEC.tmp" "c:\Users\Admin\AppData\Local\Temp\cmcw20ev\CSC6C604D5B85B9456BB278C11F138015.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pbufuajb\pbufuajb.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC0F9.tmp" "c:\Users\Admin\AppData\Local\Temp\rjaiosq3\CSCAF793CD3972442F49B9297FBC4CBCCB8.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q1qxnzfi\q1qxnzfi.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC1B5.tmp" "c:\Users\Admin\AppData\Local\Temp\pbufuajb\CSC3E1C288B6256490184153D41769C5D71.TMP"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\axjsd2ic\axjsd2ic.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC31C.tmp" "c:\Users\Admin\AppData\Local\Temp\q1qxnzfi\CSC6946DA28878A42339A9C178C1DD51E4.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC407.tmp" "c:\Users\Admin\AppData\Local\Temp\axjsd2ic\CSC450863C4707646948A166E17444E40.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qo0dlf21\qo0dlf21.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rrqyekoq\rrqyekoq.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zui2ftaz\zui2ftaz.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rzo0wxhx\rzo0wxhx.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC57E.tmp" "c:\Users\Admin\AppData\Local\Temp\qo0dlf21\CSC1E10DA7AE804E1392EA915B1FFDEE87.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC60A.tmp" "c:\Users\Admin\AppData\Local\Temp\zui2ftaz\CSC23EE7A2AC0994436BF4449E7363DBF45.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC5FB.tmp" "c:\Users\Admin\AppData\Local\Temp\rrqyekoq\CSCB3DB6C309CBD4E9AB552396520971A57.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC678.tmp" "c:\Users\Admin\AppData\Local\Temp\rzo0wxhx\CSCC294DA8D25BD4560ABB9577B844919E0.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tkhtillt\tkhtillt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCA9E.tmp" "c:\Users\Admin\AppData\Local\Temp\tkhtillt\CSC5D2110F4E3A14C9C8458D16AD2FD6F5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cr1oj0l5\cr1oj0l5.cmdline"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n2zy4e5x\n2zy4e5x.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\by3gwnez\by3gwnez.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCB79.tmp" "c:\Users\Admin\AppData\Local\Temp\cr1oj0l5\CSCAFA2B9C3DCC4445683F9893976CD4D.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC44.tmp" "c:\Users\Admin\AppData\Local\Temp\n2zy4e5x\CSCBA6C915321004C5BADF0314B5BBF997.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC82.tmp" "c:\Users\Admin\AppData\Local\Temp\by3gwnez\CSC2AA04A884054FB7A7BCD1BBBA3C1AAE.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vserzocn\vserzocn.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4rxke5rj\4rxke5rj.cmdline"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCDCB.tmp" "c:\Users\Admin\AppData\Local\Temp\vserzocn\CSCA8AD62DE190B4A0A86A33F506AB8A575.TMP"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCEC5.tmp" "c:\Users\Admin\AppData\Local\Temp\4rxke5rj\CSCA1B0C0A18B3345B4BF2CA6E845FA888C.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w142g2uj\w142g2uj.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD07A.tmp" "c:\Users\Admin\AppData\Local\Temp\w142g2uj\CSC39B5E8E7327B423AA05E635C3FA86680.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p5f1g3bf\p5f1g3bf.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rqh0tcw3\rqh0tcw3.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD25E.tmp" "c:\Users\Admin\AppData\Local\Temp\p5f1g3bf\CSC64BEFCB37D204A208F9A67D1B525B33.TMP"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD339.tmp" "c:\Users\Admin\AppData\Local\Temp\rqh0tcw3\CSC51409A722B584BB4BB4619DB0E8EAEA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2oz15mib\2oz15mib.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gds104ua\gds104ua.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4z2g32yn\4z2g32yn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD3F6.tmp" "c:\Users\Admin\AppData\Local\Temp\gds104ua\CSC2CC52854E368458F93E1CD4CEBE2BDA5.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD3F5.tmp" "c:\Users\Admin\AppData\Local\Temp\4z2g32yn\CSC26E4821016874B69A3895E817B422D1.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD4B0.tmp" "c:\Users\Admin\AppData\Local\Temp\2oz15mib\CSCA1790CB6542E4BE2A1324853CA2611A6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\s5iuckv5\s5iuckv5.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\k1gkz3nv\k1gkz3nv.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD6D3.tmp" "c:\Users\Admin\AppData\Local\Temp\s5iuckv5\CSCB637080319174B89AAC2AFFA97707CE6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD869.tmp" "c:\Users\Admin\AppData\Local\Temp\k1gkz3nv\CSC8F63C5E9DB854CDCB921E6F7CA4EC4FA.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3iuqdwbj\3iuqdwbj.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB86.tmp" "c:\Users\Admin\AppData\Local\Temp\5jmcgfzv\CSCFCC97338AAA349C390B44A23442CE190.TMP"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aaxslwky\aaxslwky.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4dm4vv3d\4dm4vv3d.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC9F.tmp" "c:\Users\Admin\AppData\Local\Temp\aaxslwky\CSC2E37BE7DEBA248E6908672A031F66EA4.TMP"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDDA9.tmp" "c:\Users\Admin\AppData\Local\Temp\gjrhuzp5\CSCDB0B02883FB347A8AA32FAD0FA7933E6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDE45.tmp" "c:\Users\Admin\AppData\Local\Temp\hjswaiq5\CSC73F68856C309493EA1F6408D5B77F7.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDEF1.tmp" "c:\Users\Admin\AppData\Local\Temp\w5dzkv3h\CSC741FA231AFC54030A9A1BF2338797848.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hjswaiq5\hjswaiq5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l3ykmrdn\l3ykmrdn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE1D0.tmp" "c:\Users\Admin\AppData\Local\Temp\l3ykmrdn\CSCCDF92C69B02F43E0AC6E8FBAF21E72CD.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bavwseht\bavwseht.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qvmnyxjh\qvmnyxjh.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w5dzkv3h\w5dzkv3h.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE2F8.tmp" "c:\Users\Admin\AppData\Local\Temp\bavwseht\CSCD083E03ED92B44C5A23027F19A7623AF.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDD2C.tmp" "c:\Users\Admin\AppData\Local\Temp\4dm4vv3d\CSCC37705A513B943B9938CBE78443AAEB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gjrhuzp5\gjrhuzp5.cmdline"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE4AE.tmp" "c:\Users\Admin\AppData\Local\Temp\qvmnyxjh\CSCD266FFF38BBD49EFB3AABDD67FE96FB.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE54A.tmp" "c:\Users\Admin\AppData\Local\Temp\1kacbee5\CSC4647CEF710E14268863D1273AE4C6A2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE5C7.tmp" "c:\Users\Admin\AppData\Local\Temp\uqedhja5\CSCD8654334907349C6AA12615B649F8A4.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ql14m1nz\ql14m1nz.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE663.tmp" "c:\Users\Admin\AppData\Local\Temp\jlzj5suv\CSC2D6D335E45CE4BD69F1640047F4697D.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4keoy2iw\4keoy2iw.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE71F.tmp" "c:\Users\Admin\AppData\Local\Temp\ql14m1nz\CSC4B8D7E8DEBB94AE49AA57AD26E81EF0.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pncmbyb4\pncmbyb4.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEAE8.tmp" "c:\Users\Admin\AppData\Local\Temp\vmogntkt\CSC70E42453FFC940CE86F6D25F9F453E3.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\a0uzqexo\a0uzqexo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEDB6.tmp" "c:\Users\Admin\AppData\Local\Temp\pncmbyb4\CSCE0AA7C7610E54A75906A737D97661B1.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEEB0.tmp" "c:\Users\Admin\AppData\Local\Temp\a0uzqexo\CSC7DED4B40FA144B84B12D6B6E45932C9A.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vmogntkt\vmogntkt.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE848.tmp" "c:\Users\Admin\AppData\Local\Temp\4keoy2iw\CSC31C4039D5760420099AB163221A3ED88.TMP"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jlzj5suv\jlzj5suv.cmdline"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uqedhja5\uqedhja5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1kacbee5\1kacbee5.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDBF4.tmp" "c:\Users\Admin\AppData\Local\Temp\3iuqdwbj\CSCF1C6D92E10BF4F4288B4A5629F4B7A1.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5jmcgfzv\5jmcgfzv.cmdline"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE12.tmp" "c:\Users\Admin\AppData\Local\Temp\jcg0pxlk\CSC5AA8504ED9964C3C8DB5C8C92CE1D477.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDF3.tmp" "c:\Users\Admin\AppData\Local\Temp\2bhvvyen\CSC1F3B3691BDFF4D9E90296695F0814E7.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2bhvvyen\2bhvvyen.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jcg0pxlk\jcg0pxlk.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3BD6.tmp" "c:\Users\Admin\AppData\Local\Temp\r5qlatmo\CSCEE6BB00EB23A44A584EED2BFAC78AAC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\r5qlatmo\r5qlatmo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\upp31yzr\upp31yzr.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fiqv0z2n\fiqv0z2n.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ofhdvxf2\ofhdvxf2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A5D.tmp" "c:\Users\Admin\AppData\Local\Temp\fiqv0z2n\CSCEE01C851CDC4A3AAA895F4CDF5158F2.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4934.tmp" "c:\Users\Admin\AppData\Local\Temp\ofhdvxf2\CSCE65DF2E63BA54E7AAA9A61253EE367FA.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A4E.tmp" "c:\Users\Admin\AppData\Local\Temp\upp31yzr\CSC5241DF6C15DA4F2C9AA86FFF135B1CA6.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7805.tmp" "c:\Users\Admin\AppData\Local\Temp\fsahps2q\CSCFD06EB9E6E4042499C174B6B159AD1CD.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fsahps2q\fsahps2q.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BED.tmp" "c:\Users\Admin\AppData\Local\Temp\3p3d2pm2\CSCF66345833B4C4C2F86CAA43E36929D77.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C1C.tmp" "c:\Users\Admin\AppData\Local\Temp\2rh4xkjo\CSC1CACC4BD8576497D866192753961374.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C0C.tmp" "c:\Users\Admin\AppData\Local\Temp\yx1wxnwf\CSCC55A748858A3483493C4DF59D6CA8946.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2rh4xkjo\2rh4xkjo.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yx1wxnwf\yx1wxnwf.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7CE7.tmp" "c:\Users\Admin\AppData\Local\Temp\n3iewcql\CSC5254396EB8F54817845716B78AACB7EC.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n3iewcql\n3iewcql.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3p3d2pm2\3p3d2pm2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p1yxrent\p1yxrent.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8275.tmp" "c:\Users\Admin\AppData\Local\Temp\sk2dt0vx\CSCB0023FBE9199448BBCA78F2C8E84E436.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES82A3.tmp" "c:\Users\Admin\AppData\Local\Temp\hoxtfdwn\CSCC638700098484BE096A77D2A845C9AC0.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hoxtfdwn\hoxtfdwn.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES82A4.tmp" "c:\Users\Admin\AppData\Local\Temp\p1yxrent\CSCD298D57338014F5682A08C4373E8772B.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sk2dt0vx\sk2dt0vx.cmdline"
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xm1hxvt0\xm1hxvt0.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES85D0.tmp" "c:\Users\Admin\AppData\Local\Temp\xm1hxvt0\CSC3E8145005BE47429C892E9A6C937E3.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1qa5adwx\1qa5adwx.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8A64.tmp" "c:\Users\Admin\AppData\Local\Temp\1qa5adwx\CSC5BF93E3FD5F541DDAC9A9E6486F47.TMP"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
"RWexPNpgWDiGsaZBma5.exe"
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eso2lhd2\eso2lhd2.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vsrjht44\vsrjht44.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8DEE.tmp" "c:\Users\Admin\AppData\Local\Temp\eso2lhd2\CSCE5E77C4E35994B98A2A662B4AFDE279.TMP"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8E5B.tmp" "c:\Users\Admin\AppData\Local\Temp\vsrjht44\CSC39E0E65E2F83465296FF3C9E1ED03624.TMP"
Network
| Country | Destination | Domain | Proto |
| US | 93.184.221.240:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 20.189.173.15:443 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 204.79.197.203:80 | tcp | |
| US | 131.253.33.200:443 | tcp | |
| US | 40.125.122.151:443 | tcp | |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | grounderwarone.rapiddns.ru | udp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | 164.2.77.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mediamall098.freedynamicdns.org | udp |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | grounderwarone.rapiddns.ru | udp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | grounderwarone.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| US | 8.8.8.8:53 | runnermank.rapiddns.ru | udp |
| BE | 35.205.61.67:9091 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
| BE | 35.205.61.67:5500 | runnermank.rapiddns.ru | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
memory/2284-130-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\Firefox.exe
| MD5 | 47f44cfb7a0d35f439d51f0a08bfc0ee |
| SHA1 | b0067be1683bc777b879996aab8c7f0e41755a44 |
| SHA256 | 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031 |
| SHA512 | 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71 |
C:\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
C:\Users\Admin\AppData\Local\Temp\mediamall.exe
| MD5 | 55b63fd0aea1922e85b0be1dd8f3c135 |
| SHA1 | 6aac775e028c07e2b51612f816476608b5f79e59 |
| SHA256 | 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe |
| SHA512 | 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790 |
memory/1064-133-0x0000000000000000-mapping.dmp
memory/3164-142-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
memory/4368-148-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
memory/3520-151-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
C:\Users\Admin\AppData\Local\Temp\vest.exe
| MD5 | c566b68022d55c985c6aec1c335c9399 |
| SHA1 | 82d8549981a6efe8121bf52994dc6960266018de |
| SHA256 | a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873 |
| SHA512 | 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd |
memory/1624-145-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
C:\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
memory/4064-154-0x00000000041F0000-0x00000000041FD000-memory.dmp
memory/3164-157-0x00000000000B0000-0x00000000000C4000-memory.dmp
memory/4580-158-0x00000000005C0000-0x00000000005D4000-memory.dmp
memory/3520-156-0x0000000000100000-0x0000000000114000-memory.dmp
memory/4368-155-0x00000000001F0000-0x0000000000204000-memory.dmp
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsm
| MD5 | 464b5e0428e30047c46c986c4be661f2 |
| SHA1 | a45954016a6ceceb213726f65513cdaa176ec67d |
| SHA256 | 67180f5b16e22e49e67108daf109189e2f7421318c782521ecd2cf9ca1ea9c18 |
| SHA512 | 3ad751d83961299f348f5aa18c55c966588143442eb15aac86ab4489d62f464054346859570198ceacf7aca37f082eaf28c8653eab2eabfa4ef08f04c358f650 |
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYm
| MD5 | 3a24b49023c9a54bdb25171475489445 |
| SHA1 | 3e9a1bad0eea419c1427c4490f46ec185f9c2508 |
| SHA256 | a99fc163b86858519606951a13af776edc1bf7693fc8f0b5c7c4ec840c5f6414 |
| SHA512 | 19fddbc47a8a417ece8529b5d016ec77e459d7f02bddb5e718085ee5a463b16823266aa7a90d805222565c9c69ed982524323f4b1ead75eff2b3a20bbce217cf |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBm
| MD5 | e5c0019799f496f073178e281d9a4b34 |
| SHA1 | 96bd7d80ff361765119ad19e6b59d9c221a2857a |
| SHA256 | b67735fbbd061e91a12b0ecfa31a7b8dfbd863ee996ea13237208baa6ed9e00d |
| SHA512 | d5804b4d8b5a71363b3d2fc834e1e51091d096cc0115788cd0fc0e55a317f0518142ca3dfa4dadcd6fa7369494468c6c00ca98c167702115fe40975e5d4e508b |
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOm
| MD5 | 31eaa2a0f9b2613938e7e6fa761f2437 |
| SHA1 | 8bd6597e316a831088875b7101bceb4773ce8c40 |
| SHA256 | b5fd61376434069e9331e05a733aeaa3a247c3edb03e2bac58da81a45a47a7f0 |
| SHA512 | e980519b3ac4f240f85748385dae2a9b9651a8ecdb14fdbb02966077da12b391950e29ca06d8b214bd97ac0be5bfb3dc6ef38942843b997d0c518191304ef9f3 |
memory/2584-166-0x0000000000000000-mapping.dmp
memory/800-165-0x0000000000000000-mapping.dmp
memory/1756-164-0x0000000000000000-mapping.dmp
memory/1124-163-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
| MD5 | 36b8c35ac4fdbc041b56e3f82d9d45b6 |
| SHA1 | 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f |
| SHA256 | b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df |
| SHA512 | 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756 |
C:\Users\Admin\AppData\Local\Temp\peggym.exe
| MD5 | 86f5876cfa8abe5d8e7d47093dd035db |
| SHA1 | ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9 |
| SHA256 | 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936 |
| SHA512 | e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93 |
C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
| MD5 | 36b8c35ac4fdbc041b56e3f82d9d45b6 |
| SHA1 | 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f |
| SHA256 | b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df |
| SHA512 | 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756 |
memory/4620-137-0x0000000000000000-mapping.dmp
memory/4580-136-0x0000000000000000-mapping.dmp
memory/2384-167-0x0000000000000000-mapping.dmp
\??\c:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.cmdline
| MD5 | 28897149c2c87c70d479c5fe428bf413 |
| SHA1 | 99b74693a5b4a3c37712c3a07e3cc9f8940ec8fe |
| SHA256 | 90fd47bbfa92330c43a47af9469c8697f7b09e2174780ced327595301ec087ea |
| SHA512 | d5582db6ee0e83a7941d133fae655af31352926573a07853bb72df7c03b7cd2ed8ff562847b7c6d94fa5e915c4934e391be769d2a8aa76463b7cacde0be26fa0 |
\??\c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.cmdline
| MD5 | 06874454cda05dd488b787f5e4ae063b |
| SHA1 | 119892a940f896119ddbb793fa17a28d08f8c14c |
| SHA256 | 59df959e3f1b7dc63eb7eba2b98285a95f567eda68d976e8dabc928847f084dd |
| SHA512 | f1d462dc4e5b99a4ccd2a86c05ad31c980ca4e082365883f45e5bcfa5127079ba5235f539a57f62e50f0a0d9fc9fa44cf852eaaecf89077c896921a32714bd77 |
\??\c:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.0.cs
| MD5 | de6b3732b71cffe5641e0d0338205287 |
| SHA1 | 200584859e4d4501955d2068012558c2cf6f69a1 |
| SHA256 | b2d38110ac05ca0cf9afaa30a0f30fabe45c4dc881309475fec0a866a1b57d93 |
| SHA512 | 51ca802fcd34f72c00877c26a89723425eaf944b945e01f19e534984ada562f75dc523f06c8c0ff1101d7b327e8fcda6e6cd1895529e42770cffd8b5a7d3dcb8 |
\??\c:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.0.cs
| MD5 | 22e401264feacf15cfebfbf79ad1e993 |
| SHA1 | cd24f47a0e96d8e48ecce264a03837eebeff4cbb |
| SHA256 | 36f5995dde798b429f6bf2915f1159c55a1adc26552a63cc6971c61fc5fe8ef4 |
| SHA512 | 8cc76ed9d3b30403acb25d1303699f2965e59b2556878a33ee9a5ea0ad69f1ff05757d75a70160d7b29dd1095cee7e9808495eaf882b003dcd4e1b8ee0952a1f |
\??\c:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.0.cs
| MD5 | 314f7940dcb145914613d3c72b93db66 |
| SHA1 | a59e6a9c5ded6ece177e49d1e2f388f723f23620 |
| SHA256 | 3c81cb2dfe04b19917f8221dd8302314ba4d5ddeebbd335103140d918d77936a |
| SHA512 | 96b617dc4df3fc13be2cc7197e34079a02fa8d21e9bbc161e375944a1f3e8bbb76c8785604da531d6def7a457bdff44fcedd77102114b309ff7a27ee2d0a0e6d |
memory/4064-176-0x0000000004200000-0x000000000420D000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.0.cs
| MD5 | dda634ae6683c71e4e2a424b76a04f41 |
| SHA1 | 0bb0a90cf29d79472add4b8cbcb2ab3ab71d2ebc |
| SHA256 | 5f3f6bc620ae0b56975bd24adb3137984b0524c7706fcda6ad67b0cea17aea21 |
| SHA512 | 4d2657fec0de803affd1c44e912f41048419cbab4abe764b3ae412ccd3585a81fb470bb970aaff20dcb643fa6baf449c40ae8ae21444c6013c8d3e7c2509ca7a |
\??\c:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.cmdline
| MD5 | 3822b19231f85788ff95c7e3c470f01b |
| SHA1 | 7a86786a297fed86e17551a2116e9552a101f70a |
| SHA256 | 5fa7bd5755bc7b3bcf12ce5aed3b96ba465e197171cd45e9ceb031069be39d95 |
| SHA512 | 9c700ed77ba05a0cc314d6ddea213a551e986395f212a90b709c13330fb50e5091c1c69e62b1c3ccbe5f9ae5706c8be205b517cb9bb179d8f708ba55adff01e2 |
\??\c:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.cmdline
| MD5 | d8db675d272916825a39fefec8cb8536 |
| SHA1 | 337ebc424b1d63cf4f822090d224bcdf6dff27f6 |
| SHA256 | cdf871211face3a49d5368633f97db8b28c29c9e0825868a55cbf3c8cc129620 |
| SHA512 | 5d3c357e2e4234a20d12a541e592a5a86699b50511f36de18dff02f966c62e89a11fbc09f0e8cb4cc88d654dde120a2db95f1ad92ddb4c014dac9f96c5ccc942 |
memory/2168-178-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\RESF184.tmp
| MD5 | fda318441aa89ceb627e2fd7532b3a65 |
| SHA1 | a8e620be295e809b4a542c3954edfaaf363ea2d5 |
| SHA256 | 5b6d579ae7b43c8dfee78288aaab8fd5505c3f50953945b7dc14db3cea98137f |
| SHA512 | a9993e9334868a4c5ebcd6bce819d09a49631fa083f226c54798765caf150e194d53668bf4dff0fce1d47e8eb51985a35bf58e4ca4e8dfee4d46d0710cb12b53 |
C:\Users\Admin\AppData\Local\Temp\RESF185.tmp
| MD5 | ecf42723a8ae92c6a17c2f121af9bba1 |
| SHA1 | 7608139b4d834f39ee50b332a2257f83ca7cfa1c |
| SHA256 | 1ee41816355c3f4e116b665b1a3ec706079a94e746f27199f4da2beae7f25a02 |
| SHA512 | e976045d6e72f5eb749a352a558f27649ee7c87e8bf0272851f5bf7987a567b0d76610223ab7a3ff439d8da0c7410424dd01b85312f28557dac07205b49f5924 |
C:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.dll
| MD5 | 7bc1d7be6637c89109447f5dab617ffe |
| SHA1 | b62a75ba333e79235ec96ee725cf373ee4296720 |
| SHA256 | 09c98d98db96002f8fb709b610bdfb67821adde7fb5758b3d500429890e8a488 |
| SHA512 | 589e3104b337af0c9ff91da992e2ed98ae3b471cacec7482d957e6d157b22496f20597499957677a9fea1ee1856eea0db3cbfd5c04a1dfcf468cca22b93efe80 |
C:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.dll
| MD5 | c098fbe07268501ed5dbd708b356d2ae |
| SHA1 | fef663d1718f551d2dc226f97be0150d3342a783 |
| SHA256 | b86f959a69cfae07ce3c98fb662640c411a80bb1b7c270272deddf6ccccd314f |
| SHA512 | cc72deda98d65dc3a095105274165079c5e3e70255e0345a12dc7b6f5c56418dc45394dc388898e836b0a2e7c2b70d310bab76f71bb7071e20987b7b5adddada |
memory/2384-193-0x0000000070220000-0x00000000707D1000-memory.dmp
memory/3676-195-0x0000000000000000-mapping.dmp
memory/3444-197-0x0000000000000000-mapping.dmp
\??\c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.0.cs
| MD5 | 22e401264feacf15cfebfbf79ad1e993 |
| SHA1 | cd24f47a0e96d8e48ecce264a03837eebeff4cbb |
| SHA256 | 36f5995dde798b429f6bf2915f1159c55a1adc26552a63cc6971c61fc5fe8ef4 |
| SHA512 | 8cc76ed9d3b30403acb25d1303699f2965e59b2556878a33ee9a5ea0ad69f1ff05757d75a70160d7b29dd1095cee7e9808495eaf882b003dcd4e1b8ee0952a1f |
\??\c:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.0.cs
| MD5 | dda634ae6683c71e4e2a424b76a04f41 |
| SHA1 | 0bb0a90cf29d79472add4b8cbcb2ab3ab71d2ebc |
| SHA256 | 5f3f6bc620ae0b56975bd24adb3137984b0524c7706fcda6ad67b0cea17aea21 |
| SHA512 | 4d2657fec0de803affd1c44e912f41048419cbab4abe764b3ae412ccd3585a81fb470bb970aaff20dcb643fa6baf449c40ae8ae21444c6013c8d3e7c2509ca7a |
C:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.dll
| MD5 | 797faf693bab71433b576fe90d12f59f |
| SHA1 | 7dfc45fec6790e91e6a0784a25acb14ad55bd1d7 |
| SHA256 | 5d086098f9694417555ed6b9f88e5f30a332db559cc65f4b7b11bfdd13217628 |
| SHA512 | d83f93a94d376afe9dbda46667240f1b18ac7cad9c5b25cc8b78e202376925863470a750d37850cb27f14be4baa2360a356f3a79d1f82716a0068eee6a06b278 |
\??\c:\Users\Admin\AppData\Local\Temp\gltpphw5\CSC684DC0A9301240B0A8D0E4BB79D23CD3.TMP
| MD5 | 934c00fec7977a48adfb596906fdd044 |
| SHA1 | c2cccdbe4a1de6bfb79e7edb54c23ad4cf217d1f |
| SHA256 | bc30604139ead3796e68336ddf60129df0f075553bd13daa3aadb3e9e9344b7e |
| SHA512 | d2461d8ad1f33b8688a125331f829a19d4ad887296f9b375e2b1fa21ad0ee6297116eb7887cfe531a42319bcf6c186a9ab6773bb8b3af64767cde61e500cd051 |
memory/5024-216-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.dll
| MD5 | f8d9f352234c040e6a2d0f8b70d7a91a |
| SHA1 | 349dca74e57ebd3cf67892aa2a6b7be444a9455d |
| SHA256 | a0f8c4ed28cc6cc967df187eeffbacb3b2407c30a2f860f68e2cda2e6365998c |
| SHA512 | 2e42626f7c42a78d61369cb7a9799dd8087dac8478c759041629fcf58a2b34262125fc4dff88ca70eb0665bf0d4d26e5d7929a3922ba15ea6543dd73edb702b1 |
\??\c:\Users\Admin\AppData\Local\Temp\xhirshi5\CSC6758330FA11540DBB958A837CF45E88.TMP
| MD5 | 4f068881b4f02f5d600de73ff202865c |
| SHA1 | b3103b2b25b1ccff5d6d39740c3fc5ae8c1fc7c5 |
| SHA256 | 143a95fea952fe5c15f8b4b61ca07b9b00d33644e8800c9ae41666720c1250e5 |
| SHA512 | e82101ce7d0a71fb30e47f336c9d5a106cc19c4f54b9fc07c18717be323e3d162b80be22fbf8a9608420657a8ac474c7251c06c03984422a89ce2a28db5acbc5 |
C:\Users\Admin\AppData\Local\Temp\RESF405.tmp
| MD5 | f8da527aa95887f5c70e0c038f8a09ba |
| SHA1 | cfde9bfe282516ccff7dc0e95cda80184901f78a |
| SHA256 | e585a0a9669f1281bd5301fc3900dea45616b91c55a53c63950c5d55898b1bca |
| SHA512 | 08f8b0123c9ccf7220a9c1559ef810ce1b1a3fa3ccf54861f58e824f367d27add625cc93546437acedd74b2ead3003bf7a5bf7c3a92a9327c0a842d172ea370f |
memory/3272-211-0x0000000000000000-mapping.dmp
\??\c:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.0.cs
| MD5 | de6b3732b71cffe5641e0d0338205287 |
| SHA1 | 200584859e4d4501955d2068012558c2cf6f69a1 |
| SHA256 | b2d38110ac05ca0cf9afaa30a0f30fabe45c4dc881309475fec0a866a1b57d93 |
| SHA512 | 51ca802fcd34f72c00877c26a89723425eaf944b945e01f19e534984ada562f75dc523f06c8c0ff1101d7b327e8fcda6e6cd1895529e42770cffd8b5a7d3dcb8 |
\??\c:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.cmdline
| MD5 | c29517e06f68d7f1863887b0c7b67d51 |
| SHA1 | b2f23ea50601f27965446cbdfad26913c6c5717f |
| SHA256 | f42fd2d9a29d67d4eec8748c749fb7eb21348beb96375341a2f720eca4befbbc |
| SHA512 | 4d64faf1516e623c174284d2f7f18ec66d1a70d286eb4803eaa2f9eff702ade9977142d94e2353575e716209d430a102bdd8b52862000faa57dadcf5f13bc861 |
C:\Users\Admin\AppData\Local\Temp\RESF406.tmp
| MD5 | e5f3ca45f5d277262f47862a78416c12 |
| SHA1 | 57bcdcd7314075a7f43cea9be0b98622d92e47f8 |
| SHA256 | 34f16c8dbf28b808f70e3862bd81c694af1087e0cbbf3dcc461424f9f43e0993 |
| SHA512 | 9a205379d0dd8a12623a57db7e3750c180e8c69e7a724de56c42d94414f2965a8052672379d1fb412731bee3afe85ad0ee6b6dd922a932e39d493231eeb187a8 |
C:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.dll
| MD5 | 4789500298c0ac478f0fc414fac22373 |
| SHA1 | b1fd56f7f7539980ea12ddcf0426a6e449b54ac9 |
| SHA256 | c5e891f22ce2a22afbcd16a46e288b6485fd6ed3cb648e205a849470d66067aa |
| SHA512 | e255114f8c1d0ed90a624a4a812b7149f42adf2950909d3671ea45459d5d96c91e348b8e7055287afc6642c7d6962eeab69c02481d188fbf3b218f84d954c3bb |
C:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.dll
| MD5 | 2064701efcc8a1cd7e164428e48dfcce |
| SHA1 | d22998ce6d841b99bb30df99ac7040cde9b111f2 |
| SHA256 | a19935ed02cd6fd01f1af98270da48e629b7bc1e2ab34010e285655ea45d4383 |
| SHA512 | 2bfc68a60b71edc30444b11ff513cc07ae3a0ce7965901a6e1d8fcc83c5d935ee296306190a1e2ceb302d91936659519066ed9b82ed63b0e46c0ffc4a7c1658a |
C:\Users\Admin\AppData\Local\Temp\RESF4C0.tmp
| MD5 | c93d7dd1aa7b2c045d6132f7ba775394 |
| SHA1 | f093aa8fffabf97726fb85385e66c014905f522c |
| SHA256 | 3162039c8f2ca2a14c2917848da4694c988539671387e72a5312ae34957bef30 |
| SHA512 | 1f6485feacf2702dc16400ca805f9b992daa9479416db1ed73883c5daa4cb783986764471a67f1cf6822138b8795a272097b51652611621fe34fca7b7255dcc4 |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
| MD5 | 5481f39c9525bcfde68c447cac531494 |
| SHA1 | c9ba874c23488c37911f3432a8fc502521d29f3f |
| SHA256 | 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a |
| SHA512 | 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42 |
memory/4308-230-0x0000000000400000-0x0000000000438000-memory.dmp
memory/4308-232-0x0000000005E70000-0x0000000006414000-memory.dmp
memory/4308-233-0x00000000058C0000-0x0000000005952000-memory.dmp
memory/1420-231-0x0000000004C50000-0x0000000004CEC000-memory.dmp
memory/1716-229-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1420-228-0x0000000000400000-0x000000000040C000-memory.dmp
memory/3520-234-0x0000000004AD0000-0x0000000004AD3000-memory.dmp
memory/4308-235-0x0000000005770000-0x000000000577A000-memory.dmp
memory/2148-236-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2688-241-0x0000000000000000-mapping.dmp
memory/3924-245-0x0000000000000000-mapping.dmp
memory/4180-244-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
| MD5 | 26094bb49f16575f9c682e7660722059 |
| SHA1 | 69bdbc3de60f8881630851f34180ae45eeadfd65 |
| SHA256 | 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20 |
| SHA512 | 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83 |
memory/3372-243-0x0000000000000000-mapping.dmp
memory/4952-240-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
| MD5 | 906b9bdf13fc83d238e75be6c9041d70 |
| SHA1 | a486d170b5581acb25a085df8cc63b6ac38d72f6 |
| SHA256 | 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd |
| SHA512 | c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266 |
memory/1516-238-0x0000000000000000-mapping.dmp
memory/2820-237-0x0000000000000000-mapping.dmp
memory/4308-226-0x0000000000000000-mapping.dmp
memory/1716-223-0x0000000000000000-mapping.dmp
memory/2148-222-0x0000000000000000-mapping.dmp
memory/1420-225-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\RESF50E.tmp
| MD5 | 6a826eea43e3223e434e604473913def |
| SHA1 | 18742b8adfd34e3007ea55a3bbd706f2536493ff |
| SHA256 | bceb5874facb2f045c808c95ff7a774d2a958d45b069bc8472fa5966be6f6415 |
| SHA512 | fe2de45502775a610d779cbd47e546341a678845bd5df5fbab3df2a2ff2393900355302c5b159e5edac0097fd29676f944426aabc554446217317c128f2c5cf1 |
memory/5040-246-0x0000000000000000-mapping.dmp
memory/3592-250-0x0000000000000000-mapping.dmp
memory/4620-249-0x0000000000000000-mapping.dmp
memory/1064-248-0x0000000000000000-mapping.dmp
memory/4188-251-0x0000000000000000-mapping.dmp
memory/4572-252-0x0000000000000000-mapping.dmp
memory/4908-247-0x0000000000000000-mapping.dmp
\??\c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\CSC499F2B105E284277ABA80A0766D2A61.TMP
| MD5 | 8dad1e667007a4030fb620fd43039e6a |
| SHA1 | 0dea7841b7e4dc853360e44bef815a02f0e9dd67 |
| SHA256 | c66e55175b6701c5f825881b7af19d3bbf42e7823eb25467ce0c3aaf042152d4 |
| SHA512 | b0f427bcbe3ce72a9923f564d2cb294bc75316c231e8330ef0ec6d184d2232c1ca46316f3f068ae7d0f9f5e719427d618aaf0fc9b20497daf2a7818e28aa024a |
\??\c:\Users\Admin\AppData\Local\Temp\vmxwxss3\CSCE8969110A474D6FB9301BB589568DD.TMP
| MD5 | fa7858a5ba04b57d680d2c99a9fd516a |
| SHA1 | 91d73d292540de83ca377b302a772821fc63c43d |
| SHA256 | 135becb126e7212aaa3cafc11523f547435f2cb36d8df1354d2c0121f346be59 |
| SHA512 | 4ac51d7b3287bbdae2b0cb1fe6fb21bc18f3d2a4bc30489d41adf319160e89b46ccbd7bc55103e99bf77ce30c1fa4f91690b9cf366c81825778d14a924ff6e88 |
\??\c:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.cmdline
| MD5 | dbdf6a3195cd4651c451b3989c47b84d |
| SHA1 | 160627cc979cb1fbaf84fb1a314af3e285bdaa53 |
| SHA256 | fd07308a2f67230a4da32a4e4428bd49619bd3b712b64af32b1297df8a512d12 |
| SHA512 | 8e5f8fc43ffa707b2446093f46987b3eb0610ea48642225a64e11462ab5017b8f855e348af35a8e4a3d9ad63348d065d34f364b0292e219b401d6733684316a5 |
memory/4284-203-0x0000000000000000-mapping.dmp
memory/3860-202-0x0000000000000000-mapping.dmp
\??\c:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.0.cs
| MD5 | 314f7940dcb145914613d3c72b93db66 |
| SHA1 | a59e6a9c5ded6ece177e49d1e2f388f723f23620 |
| SHA256 | 3c81cb2dfe04b19917f8221dd8302314ba4d5ddeebbd335103140d918d77936a |
| SHA512 | 96b617dc4df3fc13be2cc7197e34079a02fa8d21e9bbc161e375944a1f3e8bbb76c8785604da531d6def7a457bdff44fcedd77102114b309ff7a27ee2d0a0e6d |
\??\c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.cmdline
| MD5 | 66815a2ff3e8276b29b955dcb68fabe2 |
| SHA1 | eb5f27e4ce9fef4401ff9f3a95bb521ecbcbfc17 |
| SHA256 | 9b2c9935e48ac2b24c11699b19b787bc0ab4ae00fedb9db368129f0f442b4390 |
| SHA512 | b6b4d513b0a49f5716010d0cc7c4d5cd28448be0217106fd9996970562e44f2c5712e7f4a2a9d1d31f0ae8d2c694c672f58d84003371c9bb814673cbcc767646 |
\??\c:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.cmdline
| MD5 | 077eed42fa54e8ec95d66a5cc0af1965 |
| SHA1 | b4336e555f11ddab9b1edbdb2d95e92a3269a2eb |
| SHA256 | 4fea64ef318f328172c1903df41c6be21df71e58fb01fe325bcfc39c66af35e9 |
| SHA512 | 7aa73fa2c44cceedb5b4e9815b47b38ba3a4ecc62a4f68bee2d4ed4b617f275954f04d34606a0c2778a4c971acb409b25dfdced1b67bd8a05cdc489b9cf1f1e2 |
memory/5068-196-0x0000000000000000-mapping.dmp
memory/2680-194-0x0000000000000000-mapping.dmp
memory/4572-257-0x00000000013E0000-0x00000000013E1000-memory.dmp
memory/2892-258-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4876-259-0x0000000000000000-mapping.dmp
memory/3752-260-0x0000000000000000-mapping.dmp
memory/2892-256-0x0000000000000000-mapping.dmp
memory/4292-261-0x0000000000000000-mapping.dmp
memory/3976-255-0x0000000000000000-mapping.dmp
memory/2116-254-0x0000000000000000-mapping.dmp
memory/4432-253-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.dll
| MD5 | 505e9166eccddb74ce233283d87fe62c |
| SHA1 | b47696589946055773c6c4b398e25c5731cfc0ca |
| SHA256 | 4889bc432d7516b3f10d93024a90e42d0c6513095c9a0fe5f573b00d744e1898 |
| SHA512 | 932eefbb082c4c405ac339150def17b8726e28f39321a34673c9956952a53e8a0169995ee46118312a90e819487ba2e2d20b42480df2d20c7955485323a8474d |
C:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.dll
| MD5 | 10f34eac822120f596cd59992c2ebcc7 |
| SHA1 | 174ab2a21a6936b5eaf317312da8f729c27fdb6c |
| SHA256 | 94d1327d57ff240bea74befa35321dcac21ae93c59fe7d55ba19ad86707e497d |
| SHA512 | 7241fc2c3ff3d8d3ce2c34ee1f1741b2fc2b199fb21c53736ceb4db8da7ba94a8fa3a976297935135852fd9373da3f239788cce4d14d29533ba895c10def018e |
C:\Users\Admin\AppData\Local\Temp\RESF126.tmp
| MD5 | 45f2bdaf6bc4c0165110b9a78cdf71d4 |
| SHA1 | 93989e30faaa0c43eee72978af8ecddc7a708038 |
| SHA256 | 80dc59558e83acff6c19174ceac67468afd1e9b27456f7c9ca112f30ebfb1891 |
| SHA512 | 8c55343068d35d93abbf509fb3a84268f4cc1920864646e049cc0d7adef67c4a92cc987a63527a177f45047632133b88473cdd1688cfb9b4b730c401317f421c |
C:\Users\Admin\AppData\Local\Temp\RESF186.tmp
| MD5 | 0ef1cfb895b350ff10b393c61f9256b6 |
| SHA1 | 31583a3c3d0113b76c3a145cf7f9c804782da9ab |
| SHA256 | 1807956ec897f35bd86d0e50e2d6e77152c687ef03792c14f98346d9dcf9e5d0 |
| SHA512 | 741e0eab84041c5bc95f67de32097a19b95abadbff580db7ba3b0f87a9f19dfa5de0d5731b85d88048f3ff0ca7ba1ebf288b8a74cc4f0525bf62d950ac0cd05a |
\??\c:\Users\Admin\AppData\Local\Temp\ubf3koi2\CSC74F450682ED44C19B164327F8C413AE.TMP
| MD5 | 2eed4aabc6bf343bdd643aac89d7a6a4 |
| SHA1 | f13bfd561a4fffae2e19cea8b095ac053619f722 |
| SHA256 | f8f28e6f8c794204574f4d3c86502f06ae86128a2e07c5b325091882a0487a54 |
| SHA512 | 62f61872184755104facf5b93843e0b55e98e902bac23837b7a6c8b7e2113a763f8f951fac89bb17f41755e888dda591af69ba5d17c0021d2eb093c244a79ffe |
\??\c:\Users\Admin\AppData\Local\Temp\vck1k0sx\CSCC8E36BD8FF5248828336A51174D69796.TMP
| MD5 | a5b365e9cbde284c9b22b48286248dc6 |
| SHA1 | cf85dd06ce820199e5c6eb11e75f87ce0a87ce2c |
| SHA256 | 0f537f79745bc0daa9cc8d4fcb9905aa6f6880dbe02b0500a583f73b449cce01 |
| SHA512 | acb1c3b8de1434db6456812adfb1aaa970e06df27bb5712af950d3894fac43eb9ec9104cc81269ddc83f668f446672dbbbb67b4c54865f1c400ba80a14174b17 |
\??\c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\CSCBF72C7957F5448C0BF7155DD2D3F9D78.TMP
| MD5 | 0e1e39e7f503ee0bc0da83bd810c6ddc |
| SHA1 | 6898fc34016d3468d4008f85b65682e782c903aa |
| SHA256 | ddde74604bf8bc4e5cbc11318f35b6572a573645d32a1bc991bdfcf53d460d74 |
| SHA512 | cd26d731ef4cbac767d08779d832cf729054f8465f07e654f58670b46b28a857e0f98b04e1bceef3cb12406e6493baf12da05320fb362a0513431dbda41e69c2 |
\??\c:\Users\Admin\AppData\Local\Temp\cgd0huxz\CSCD87621FA32694A48876A4BEF7CC01BB3.TMP
| MD5 | 5d2e77176030e2284a16b73aefb4fc78 |
| SHA1 | 451cb847aed8c5f2dff65531984c082add3ec251 |
| SHA256 | 39d169edc6cc9b9a95e43ccbe7d5a84ed3a9e538457059af4aa49457a9ed912c |
| SHA512 | 787240cc25381a974398e35faf87e071629c28521e7e55951a9c8933215ef7405bbec0640a9104c24704b361fddc94b571481d00ca6eb20d511c90619609b1f6 |
memory/1556-180-0x0000000000000000-mapping.dmp
memory/828-179-0x0000000000000000-mapping.dmp
memory/4260-177-0x0000000000000000-mapping.dmp
memory/2736-262-0x0000000000000000-mapping.dmp
memory/1428-266-0x0000000000000000-mapping.dmp
memory/2864-265-0x0000000000000000-mapping.dmp
memory/2836-268-0x0000000000000000-mapping.dmp
memory/964-267-0x0000000000000000-mapping.dmp
memory/3364-269-0x0000000000000000-mapping.dmp
memory/3480-270-0x0000000000000000-mapping.dmp
memory/2736-271-0x0000000000550000-0x0000000000551000-memory.dmp
memory/4512-264-0x0000000000000000-mapping.dmp
memory/4240-275-0x0000000000000000-mapping.dmp
memory/3784-276-0x0000000000000000-mapping.dmp
memory/4692-277-0x0000000000400000-0x000000000041D000-memory.dmp
memory/3880-274-0x0000000000000000-mapping.dmp
memory/3824-273-0x0000000000000000-mapping.dmp
memory/3872-272-0x0000000000000000-mapping.dmp
memory/1808-263-0x0000000000000000-mapping.dmp
memory/2384-278-0x0000000070220000-0x00000000707D1000-memory.dmp
memory/4520-279-0x0000000000F90000-0x0000000000F91000-memory.dmp
memory/2148-280-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2892-281-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4692-282-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4796-283-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1864-284-0x0000000001190000-0x0000000001191000-memory.dmp
memory/3196-286-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5084-287-0x0000000000D90000-0x0000000000D91000-memory.dmp
memory/536-288-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4932-289-0x0000000001500000-0x0000000001501000-memory.dmp
memory/4208-291-0x0000000000DC0000-0x0000000000DC1000-memory.dmp
memory/2700-290-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4796-292-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1604-293-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4264-294-0x00000000014B0000-0x00000000014B1000-memory.dmp
memory/4984-295-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1948-296-0x0000000000400000-0x000000000041D000-memory.dmp
memory/260-297-0x00000000007E0000-0x00000000007E1000-memory.dmp
memory/4984-285-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4944-298-0x0000000000CE0000-0x0000000000CE1000-memory.dmp
memory/3196-299-0x0000000000400000-0x000000000041D000-memory.dmp
memory/536-300-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2700-301-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1604-302-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1948-303-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2428-304-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4592-305-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4240-306-0x00000000014D0000-0x00000000014D1000-memory.dmp
memory/3184-307-0x0000000000400000-0x000000000041D000-memory.dmp
memory/628-308-0x0000000000AE0000-0x0000000000AE1000-memory.dmp
memory/3012-309-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5056-310-0x00000000017F0000-0x00000000017F1000-memory.dmp
memory/4300-311-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5192-313-0x00000000009F0000-0x00000000009F1000-memory.dmp
memory/2428-312-0x0000000000400000-0x000000000041D000-memory.dmp
memory/6080-315-0x0000000000D10000-0x0000000000D11000-memory.dmp
memory/5956-314-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4592-316-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4772-317-0x0000000001140000-0x0000000001141000-memory.dmp
memory/3184-318-0x0000000000400000-0x000000000041D000-memory.dmp
memory/3012-319-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4300-320-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5956-321-0x0000000000400000-0x000000000041D000-memory.dmp
memory/4620-322-0x0000000000400000-0x000000000041D000-memory.dmp
memory/5632-323-0x00000000019B0000-0x00000000019B1000-memory.dmp
memory/4396-324-0x0000000000400000-0x000000000041D000-memory.dmp
memory/6032-325-0x00000000013F0000-0x00000000013F1000-memory.dmp