Malware Analysis Report

2024-11-16 13:08

Sample ID 220731-hyh64aeghq
Target 9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a
SHA256 9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a
Tags
limerat nanocore njrat warzonerat office@hacker infostealer keylogger rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a

Threat Level: Known bad

The file 9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a was found to be: Known bad.

Malicious Activity Summary

limerat nanocore njrat warzonerat office@hacker infostealer keylogger rat spyware stealer trojan

NanoCore

njRAT/Bladabindi

WarzoneRat, AveMaria

LimeRAT

Warzone RAT payload

Executes dropped EXE

Checks computer location settings

Drops startup file

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

Enumerates physical storage devices

NSIS installer

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-07-31 07:08

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-31 07:08

Reported

2022-07-31 10:04

Platform

win7-20220718-en

Max time kernel

75s

Max time network

198s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe"

Signatures

LimeRAT

rat limerat

NanoCore

keylogger trojan stealer spyware nanocore

WarzoneRat, AveMaria

rat infostealer warzonerat

njRAT/Bladabindi

trojan njrat

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.url C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
N/A N/A C:\Windows\system32\conhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\Firefox.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 608 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1520 wrote to memory of 2032 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
PID 1520 wrote to memory of 2032 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
PID 1520 wrote to memory of 2032 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
PID 1520 wrote to memory of 2032 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 1676 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\system32\conhost.exe
PID 608 wrote to memory of 292 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 608 wrote to memory of 292 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 608 wrote to memory of 292 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 608 wrote to memory of 292 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 1696 wrote to memory of 1728 N/A N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 1696 wrote to memory of 1728 N/A N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 1696 wrote to memory of 1728 N/A N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 1696 wrote to memory of 1728 N/A N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 1676 wrote to memory of 892 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 892 wrote to memory of 556 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
PID 892 wrote to memory of 556 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
PID 892 wrote to memory of 556 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
PID 892 wrote to memory of 556 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe

"C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe 1

C:\Users\Admin\AppData\Local\Temp\peggym.exe

"C:\Users\Admin\AppData\Local\Temp\peggym.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe 1

C:\Users\Admin\AppData\Local\Temp\mediamall.exe

"C:\Users\Admin\AppData\Local\Temp\mediamall.exe"

C:\Users\Admin\AppData\Local\Temp\Firefox.exe

"C:\Users\Admin\AppData\Local\Temp\Firefox.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.cmdline"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe 1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES387F.tmp" "c:\Users\Admin\AppData\Local\Temp\q5qh104c\CSC924F9C24A2CF4A8A86AA65A63969C8.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3ediehn5\3ediehn5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E2A.tmp" "c:\Users\Admin\AppData\Local\Temp\rcryokro\CSC3E324A125D0E47059AC8DEC3F275971.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F04.tmp" "c:\Users\Admin\AppData\Local\Temp\aa4pj4n0\CSC5BCFDC5EC4D945489DAAEB9EB843E3D5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3ED5.tmp" "c:\Users\Admin\AppData\Local\Temp\3ediehn5\CSCCE41B91ACDAB4D31AFE9281270AA4F83.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E49.tmp" "c:\Users\Admin\AppData\Local\Temp\rasrywrd\CSC8BC85E64855A43F19DD27AC69D422079.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rasrywrd\rasrywrd.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aa4pj4n0\aa4pj4n0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rcryokro\rcryokro.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3880.tmp" "c:\Users\Admin\AppData\Local\Temp\zutfxp54\CSCCCD56D6EC80E4CBD8F4956BD50625331.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES386F.tmp" "c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\CSCB18C683354CA4D239C8E508BF2CFF4.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3881.tmp" "c:\Users\Admin\AppData\Local\Temp\5r5glz2i\CSC15C52E756689490C90739BDDFB3042B4.TMP"

C:\Users\Admin\AppData\Local\Temp\vest.exe

"C:\Users\Admin\AppData\Local\Temp\vest.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe 1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xivsp0ka\xivsp0ka.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES60B8.tmp" "c:\Users\Admin\AppData\Local\Temp\p5qr0k4v\CSCD26C240B9A714AD5AB685B75C7ECE3D5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ylnlr1gs\ylnlr1gs.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES629C.tmp" "c:\Users\Admin\AppData\Local\Temp\ccdpgzrw\CSC1A92854E5B104D31809E5F4382C2AED.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES650B.tmp" "c:\Users\Admin\AppData\Local\Temp\3v04avxi\CSCCBFADAC768794CF1BBCD8715D4263B2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES68A3.tmp" "c:\Users\Admin\AppData\Local\Temp\x45432hn\CSC8F6DD9C132CA4CBCA14622FCF153CC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mph03202\mph03202.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6AC5.tmp" "c:\Users\Admin\AppData\Local\Temp\mph03202\CSC1776509664504CBDB5C6429290D7E9D0.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6C89.tmp" "c:\Users\Admin\AppData\Local\Temp\wjlx4ovo\CSCF71E6D98F6407AAC57293373C2A044.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CB8.tmp" "c:\Users\Admin\AppData\Local\Temp\1rh5b44i\CSC9D092A2D6334412F807FC71353F98C2D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CD7.tmp" "c:\Users\Admin\AppData\Local\Temp\lhiarvmb\CSCD6C3BA65C434053BEFFF73FC84BBD7F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E2F.tmp" "c:\Users\Admin\AppData\Local\Temp\34zwbtmt\CSC2832ECE5E69248EEA15F98C39FEA9D2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E3E.tmp" "c:\Users\Admin\AppData\Local\Temp\ecp2lgx2\CSCB598522AB81A401898E603D87263C1.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\34zwbtmt\34zwbtmt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ecp2lgx2\ecp2lgx2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wjlx4ovo\wjlx4ovo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lhiarvmb\lhiarvmb.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1rh5b44i\1rh5b44i.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES695E.tmp" "c:\Users\Admin\AppData\Local\Temp\xnqlyczs\CSC1AAC183C555A4068A79ECEE8BD855D65.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xnqlyczs\xnqlyczs.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x45432hn\x45432hn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6578.tmp" "c:\Users\Admin\AppData\Local\Temp\czdpwmte\CSC23E0DE151665405F868F38DC33ADF72.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\czdpwmte\czdpwmte.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3v04avxi\3v04avxi.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES62F8.tmp" "c:\Users\Admin\AppData\Local\Temp\nj5gbe4s\CSCB5EF440881F647F1A1C038C7F8A7C3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES62BA.tmp" "c:\Users\Admin\AppData\Local\Temp\rxpyubsn\CSC89F96CFA56D449FE92EF4F08F6CBA82.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES629B.tmp" "c:\Users\Admin\AppData\Local\Temp\ylnlr1gs\CSC8CA8DD7FCF37452AB2349544833514F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rxpyubsn\rxpyubsn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nj5gbe4s\nj5gbe4s.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ccdpgzrw\ccdpgzrw.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES60B7.tmp" "c:\Users\Admin\AppData\Local\Temp\xivsp0ka\CSCAA0A6E302D6A4239A6C6E7DC52A5DC4D.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p5qr0k4v\p5qr0k4v.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rsmktbov\rsmktbov.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\py1y02e3\py1y02e3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jm3p4s51\jm3p4s51.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jlzqwvpb\jlzqwvpb.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAF72.tmp" "c:\Users\Admin\AppData\Local\Temp\jlzqwvpb\CSC31DB08A850F424FA58B1BF8DF2F52C4.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAFD0.tmp" "c:\Users\Admin\AppData\Local\Temp\rsmktbov\CSC485B62AD6AED44349623C5B2C577D3E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB03D.tmp" "c:\Users\Admin\AppData\Local\Temp\py1y02e3\CSCE244A2C9C4684F70BA8DEDA2CBE5AF88.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tteznrah\tteznrah.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kvwwuacs\kvwwuacs.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB06C.tmp" "c:\Users\Admin\AppData\Local\Temp\jm3p4s51\CSC6B55D0F931644C8B9870D0FDD6E42A9.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bd2vee31\bd2vee31.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB4B0.tmp" "c:\Users\Admin\AppData\Local\Temp\3233wweq\CSCE910E48EF9F740B2B3F3B0EB124FCF3C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\imkmjq5l\imkmjq5l.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB462.tmp" "c:\Users\Admin\AppData\Local\Temp\bd2vee31\CSC1ECA12AE4F2A4F3B8FCC1BFD99322BAA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB2BD.tmp" "c:\Users\Admin\AppData\Local\Temp\tteznrah\CSC65649D93DF2C421184E494318E7DFC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB8C5.tmp" "c:\Users\Admin\AppData\Local\Temp\imkmjq5l\CSC2C28E84F28340ABB89580719F1A6E8.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB240.tmp" "c:\Users\Admin\AppData\Local\Temp\kvwwuacs\CSC7887716C60244767A02C8DD252302D28.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3233wweq\3233wweq.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ugbvmtpi\ugbvmtpi.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\meyuznr5\meyuznr5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBAB8.tmp" "c:\Users\Admin\AppData\Local\Temp\ugbvmtpi\CSC657E3DBDEAA348F397AC1CA817459D2A.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ycmmt52d\ycmmt52d.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hushwk0c\hushwk0c.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0r40ohxa\0r40ohxa.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD48.tmp" "c:\Users\Admin\AppData\Local\Temp\hushwk0c\CSC9BC9DD66720C475785F97F82BF5029.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBE60.tmp" "c:\Users\Admin\AppData\Local\Temp\ycmmt52d\CSCDEA9FEE1FA6146F3B214785DA94132F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\znyabqhr\znyabqhr.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tna3qmdm\tna3qmdm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD96.tmp" "c:\Users\Admin\AppData\Local\Temp\0r40ohxa\CSC175E878ACE9E47B6AC26D2FBDEBEF36.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBAD8.tmp" "c:\Users\Admin\AppData\Local\Temp\meyuznr5\CSC7C0C90246FB14D2AB1DAA0BBC1133BE3.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC044.tmp" "c:\Users\Admin\AppData\Local\Temp\tna3qmdm\CSCEE7CF6A0BAAE48A8965124395B4DAB9.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBFA8.tmp" "c:\Users\Admin\AppData\Local\Temp\znyabqhr\CSCFF7E243DE1E643AA8DE6B2767A3B1AB0.TMP"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u5h4i3s3\u5h4i3s3.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC266.tmp" "c:\Users\Admin\AppData\Local\Temp\u5h4i3s3\CSC4C1659CA5D46B09CDB463C9D559A4.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mxfjenoa\mxfjenoa.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ca5nwrqv\ca5nwrqv.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC3BD.tmp" "c:\Users\Admin\AppData\Local\Temp\mxfjenoa\CSC35C604B52D3A438FAC8B8010E91D361.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC543.tmp" "c:\Users\Admin\AppData\Local\Temp\kzk3d1kf\CSCA68A3D8D730E45738591CD383134641D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\okkc00qo\okkc00qo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rbua31hl\rbua31hl.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC68B.tmp" "c:\Users\Admin\AppData\Local\Temp\rbua31hl\CSCAD11661AF58F4A40B9F0A3DB192DE5C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\t25tppy2\t25tppy2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC708.tmp" "c:\Users\Admin\AppData\Local\Temp\okkc00qo\CSCDE65ADEFFFB74E13998ED44DABADE31F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ujwnybr2\ujwnybr2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC42A.tmp" "c:\Users\Admin\AppData\Local\Temp\ca5nwrqv\CSC54CA1CCF821E4510BB4AD020ABDF2D0.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kzk3d1kf\kzk3d1kf.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC7E2.tmp" "c:\Users\Admin\AppData\Local\Temp\ujwnybr2\CSCC18CD77EE43347AFAD72437E3BC2C6B6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC709.tmp" "c:\Users\Admin\AppData\Local\Temp\t25tppy2\CSC9C67F300A3C94449BBD0856B21A05FC.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ngtzo3m\5ngtzo3m.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ssqt3we5\ssqt3we5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g11hnrfn\g11hnrfn.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD4E.tmp" "c:\Users\Admin\AppData\Local\Temp\ssqt3we5\CSC5A2CA639E2A94514AD915C1BBD55448D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD7D.tmp" "c:\Users\Admin\AppData\Local\Temp\5ngtzo3m\CSCDB6EED5B31384D4990C7F2F7EFEB315D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2vcvgeaw\2vcvgeaw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2expkoqi\2expkoqi.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD20.tmp" "c:\Users\Admin\AppData\Local\Temp\g11hnrfn\CSCF5B2EBEDEEE944D8AAB2742689CE43B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4pohgeqo\4pohgeqo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\v5luuf20\v5luuf20.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFCE.tmp" "c:\Users\Admin\AppData\Local\Temp\2vcvgeaw\CSCF2BE9F6CD35A49DA90B8421A76187840.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCF80.tmp" "c:\Users\Admin\AppData\Local\Temp\2expkoqi\CSC2866B698C85440DDA9177F983A5631C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD099.tmp" "c:\Users\Admin\AppData\Local\Temp\4pohgeqo\CSC449684E56F2D4027A0877AC2B8BCF758.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cu2eptsx\cu2eptsx.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD183.tmp" "c:\Users\Admin\AppData\Local\Temp\v5luuf20\CSC662FE71AD3F41D4854B3431EA4E5F92.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD386.tmp" "c:\Users\Admin\AppData\Local\Temp\cu2eptsx\CSC80F0556EA657429596DE36976659F91D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD4CD.tmp" "c:\Users\Admin\AppData\Local\Temp\zewulkul\CSC11948045A0DA4E56ABE888A6BB93CE13.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zewulkul\zewulkul.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0z3dzhzg\0z3dzhzg.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD624.tmp" "c:\Users\Admin\AppData\Local\Temp\0z3dzhzg\CSCB0FE1A09D53246E0A7446C9E82C6FFB5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD634.tmp" "c:\Users\Admin\AppData\Local\Temp\rc0tidn3\CSC24464E3D2525427498DB6643922CD9EE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rc0tidn3\rc0tidn3.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\k5rs30yf\k5rs30yf.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ri3qrxhv\ri3qrxhv.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD7E9.tmp" "c:\Users\Admin\AppData\Local\Temp\k5rs30yf\CSC28E15AF2A834244892864F987F03B41.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\exoq2vdn\exoq2vdn.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD875.tmp" "c:\Users\Admin\AppData\Local\Temp\ri3qrxhv\CSC4E85AE45A62543328F15D77C3A7DF51E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD950.tmp" "c:\Users\Admin\AppData\Local\Temp\exoq2vdn\CSC83979FCD5B874715BF711E1D765F196B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ync0hfuj\ync0hfuj.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD9CC.tmp" "c:\Users\Admin\AppData\Local\Temp\ync0hfuj\CSCC88A941987604D6CB31496E81BE04147.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jotovgox\jotovgox.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB04.tmp" "c:\Users\Admin\AppData\Local\Temp\jotovgox\CSCA88B4055A9E84E6D824D7A53844BA2AF.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\11nugb3o\11nugb3o.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC9A.tmp" "c:\Users\Admin\AppData\Local\Temp\11nugb3o\CSC29ABBAEAB8A64C078D49B399BAEB5286.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5gcfoz22\5gcfoz22.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5r4fmlkz\5r4fmlkz.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jsjgb3yq\jsjgb3yq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pnwqirtb\pnwqirtb.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDFF4.tmp" "c:\Users\Admin\AppData\Local\Temp\jsjgb3yq\CSC3614E65C82F046399D3BB7E5CBB8D3C2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE023.tmp" "c:\Users\Admin\AppData\Local\Temp\5r4fmlkz\CSC26CDED07C4B245F68941FC26522CBDDE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vevrej5q\vevrej5q.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE090.tmp" "c:\Users\Admin\AppData\Local\Temp\5gcfoz22\CSC3142383971BC455DAA6F883716CAA4.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE0DE.tmp" "c:\Users\Admin\AppData\Local\Temp\pnwqirtb\CSC5663405480FA49FBA78D9C367645EA5.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1228427131-1845789794-120835786094486344493712240513837190981898901769215645597"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE66A.tmp" "c:\Users\Admin\AppData\Local\Temp\p5zl31s2\CSCD5C2DC607E1C43599D8E4279F0B7A21.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE61C.tmp" "c:\Users\Admin\AppData\Local\Temp\zvfjj23k\CSC442A5580667148B2A74B6DD1ED1C74C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5ipsdjii\5ipsdjii.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE744.tmp" "c:\Users\Admin\AppData\Local\Temp\5ipsdjii\CSC98C01ADE670340BE854D65B2FD5E7ACC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zvfjj23k\zvfjj23k.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE16A.tmp" "c:\Users\Admin\AppData\Local\Temp\vevrej5q\CSC5A05123AF16D412D89AC91D2C7F63517.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p5zl31s2\p5zl31s2.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bzxts55j\bzxts55j.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m3ztiznt\m3ztiznt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ofse5ega\ofse5ega.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5poa35zf\5poa35zf.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD1C.tmp" "c:\Users\Admin\AppData\Local\Temp\5poa35zf\CSCD07C46BB7F6B4BF0A4AC2C3B62FF687C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E79.tmp" "c:\Users\Admin\AppData\Local\Temp\ofse5ega\CSC4926BA9ECE9D402E80414929F612FF6C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E78.tmp" "c:\Users\Admin\AppData\Local\Temp\m3ztiznt\CSC8A633C412CC4EBD85FE5E6AEF296731.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3E7A.tmp" "c:\Users\Admin\AppData\Local\Temp\bzxts55j\CSC55AC003726E341528CF64D11489D9E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5grcc01q\5grcc01q.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sdppbupo\sdppbupo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6347.tmp" "c:\Users\Admin\AppData\Local\Temp\sdppbupo\CSC44FBC06A43DA440095C56A78B04F1268.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6346.tmp" "c:\Users\Admin\AppData\Local\Temp\5grcc01q\CSC91D68EDE8F464779B5827FA082F63CE.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\umxojwkl\umxojwkl.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xtqubiza\xtqubiza.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES698D.tmp" "c:\Users\Admin\AppData\Local\Temp\umxojwkl\CSC8650BE4A757D4F0084A98BDCB253BC54.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES69BC.tmp" "c:\Users\Admin\AppData\Local\Temp\xtqubiza\CSC12F6361DDA4F480F91357D39CDA9BD9B.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1ibctlr3\1ibctlr3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6D25.tmp" "c:\Users\Admin\AppData\Local\Temp\1ibctlr3\CSCFFE7FDC92D7445549E56BFAFD627E88.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6D35.tmp" "c:\Users\Admin\AppData\Local\Temp\mlb3pwz0\CSCA990740F7AA845CEA44A67A61C0955F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mlb3pwz0\mlb3pwz0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hkjnhgpl\hkjnhgpl.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1zz5c43u\1zz5c43u.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bsf1yexl\bsf1yexl.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F09.tmp" "c:\Users\Admin\AppData\Local\Temp\hkjnhgpl\CSC5D9115CA928441C7826871788C38A3E3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qsrj2yx3\qsrj2yx3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F28.tmp" "c:\Users\Admin\AppData\Local\Temp\1zz5c43u\CSCAA799D96467347808E27324917DFF34.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7060.tmp" "c:\Users\Admin\AppData\Local\Temp\cbhivdgp\CSC7ED1B382E1B34A8CB5B7A7AC6B33EF99.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cbhivdgp\cbhivdgp.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES70BE.tmp" "c:\Users\Admin\AppData\Local\Temp\qsrj2yx3\CSCCB62D7CBE37145109BD2B724840A1CB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\adqw4sc0\adqw4sc0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6E8C.tmp" "c:\Users\Admin\AppData\Local\Temp\bsf1yexl\CSCD54DAA6EA51B4B348E82BB4DB3C0D166.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES730F.tmp" "c:\Users\Admin\AppData\Local\Temp\nr0i3zqm\CSCE0EAC88D9A4D4BF58546D49AD6AE2FF.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nr0i3zqm\nr0i3zqm.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wg2uw05i\wg2uw05i.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES74A4.tmp" "c:\Users\Admin\AppData\Local\Temp\wg2uw05i\CSC3D05EBBA148441E6AE329A51EF3138.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uxcpszpm\uxcpszpm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iqgb0n2f\iqgb0n2f.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7282.tmp" "c:\Users\Admin\AppData\Local\Temp\adqw4sc0\CSC15AECE211E75492F8F9B521868C8DDB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3gfk3d3z\3gfk3d3z.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mgglefr3\mgglefr3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7678.tmp" "c:\Users\Admin\AppData\Local\Temp\uxcpszpm\CSCFBA4E5E3C2B44AF2978284638D66582.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7669.tmp" "c:\Users\Admin\AppData\Local\Temp\iqgb0n2f\CSCDEC05F7C4F2F428FB52F9B03999CEA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7781.tmp" "c:\Users\Admin\AppData\Local\Temp\3gfk3d3z\CSC53382E58938471CA9DA272C93309.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES782D.tmp" "c:\Users\Admin\AppData\Local\Temp\mgglefr3\CSC8A71BC14470A45CF9A219AD635F381D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\upt2z4ss\upt2z4ss.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7B78.tmp" "c:\Users\Admin\AppData\Local\Temp\twapo4xt\CSC429BE1B7108249119B1F6A509EBBFEDD.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\twapo4xt\twapo4xt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES79F2.tmp" "c:\Users\Admin\AppData\Local\Temp\upt2z4ss\CSCAEC094BD1B63494CAA40F058C29C881B.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\urm5rkwm\urm5rkwm.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES79D2.tmp" "c:\Users\Admin\AppData\Local\Temp\varrtdxq\CSCFD1CEF546DFD40EA9EFB3EDB9E86B097.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\varrtdxq\varrtdxq.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y2hap21q\y2hap21q.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wp2o1sqm\wp2o1sqm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7F20.tmp" "c:\Users\Admin\AppData\Local\Temp\urm5rkwm\CSC4C4571C89A6948A2BDE086BAC291191.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8113.tmp" "c:\Users\Admin\AppData\Local\Temp\y2hap21q\CSCAB294B123C7840ACBCF803F649C7795.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hynzhid0\hynzhid0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d4wer1fh\d4wer1fh.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8151.tmp" "c:\Users\Admin\AppData\Local\Temp\wp2o1sqm\CSC3763929FBFB8433C8CF220A1BEED14E3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES841F.tmp" "c:\Users\Admin\AppData\Local\Temp\hynzhid0\CSC2E798176A5344D868547C3B312E7793E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES844E.tmp" "c:\Users\Admin\AppData\Local\Temp\d4wer1fh\CSCDD8BA89A659E4B4195474D71247634BC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dymhgsto\dymhgsto.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES875A.tmp" "c:\Users\Admin\AppData\Local\Temp\dymhgsto\CSCF6D82ABD483B463FB3E3BE42E4652FA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3wan4cgc\3wan4cgc.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uzznqhzj\uzznqhzj.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8AF2.tmp" "c:\Users\Admin\AppData\Local\Temp\3wan4cgc\CSC4C819067603B4FB68E629C90A1AD123D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zwwy2ztd\zwwy2ztd.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8C88.tmp" "c:\Users\Admin\AppData\Local\Temp\uzznqhzj\CSC13D6E18E6059472EBBE0B1F7F6617BFE.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tueceqct\tueceqct.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j4rn1y21\j4rn1y21.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8F17.tmp" "c:\Users\Admin\AppData\Local\Temp\j4rn1y21\CSCA0DDED17A84054B18E95D68D134C86.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9001.tmp" "c:\Users\Admin\AppData\Local\Temp\tueceqct\CSC51718B574FB74800A8C97E2D5BEBADE3.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8E6B.tmp" "c:\Users\Admin\AppData\Local\Temp\zwwy2ztd\CSC8917F366C0A64D6A8C32C488F5ABED5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\125s24oo\125s24oo.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9712.tmp" "c:\Users\Admin\AppData\Local\Temp\125s24oo\CSC14A030258F5542188FB2F67D191743F2.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sucjlnbn\sucjlnbn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9DD6.tmp" "c:\Users\Admin\AppData\Local\Temp\sucjlnbn\CSC8D0FAC6659B4950AC7295F9D7E6AD.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m40v0kip\m40v0kip.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA7F4.tmp" "c:\Users\Admin\AppData\Local\Temp\m40v0kip\CSC4B5D6E38DF39401FAE123C954AA49552.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hsbnnvzw\hsbnnvzw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE245.tmp" "c:\Users\Admin\AppData\Local\Temp\hsbnnvzw\CSC5BEC749BD449E5914BB1AF69629819.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5bycubuw\5bycubuw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF8D1.tmp" "c:\Users\Admin\AppData\Local\Temp\5bycubuw\CSC13425E0FFCA4B948514FA5C7CE4D2B8.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 runnermank.rapiddns.ru udp
US 8.8.4.4:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
US 8.8.8.8:53 mediamall098.freedynamicdns.org udp
US 8.8.8.8:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
US 8.8.8.8:53 grounderwarone.rapiddns.ru udp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
US 8.8.8.8:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp

Files

memory/1676-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

C:\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

memory/1520-59-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

C:\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

C:\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

MD5 36b8c35ac4fdbc041b56e3f82d9d45b6
SHA1 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f
SHA256 b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df
SHA512 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756

C:\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

MD5 36b8c35ac4fdbc041b56e3f82d9d45b6
SHA1 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f
SHA256 b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df
SHA512 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756

memory/292-85-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

MD5 36b8c35ac4fdbc041b56e3f82d9d45b6
SHA1 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f
SHA256 b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df
SHA512 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756

\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

MD5 36b8c35ac4fdbc041b56e3f82d9d45b6
SHA1 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f
SHA256 b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df
SHA512 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756

memory/1696-80-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

C:\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

memory/2032-72-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

C:\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

memory/608-66-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

C:\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

C:\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

memory/2032-104-0x0000000001270000-0x0000000001284000-memory.dmp

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

memory/556-110-0x00000000009E0000-0x00000000009F4000-memory.dmp

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsm

MD5 464b5e0428e30047c46c986c4be661f2
SHA1 a45954016a6ceceb213726f65513cdaa176ec67d
SHA256 67180f5b16e22e49e67108daf109189e2f7421318c782521ecd2cf9ca1ea9c18
SHA512 3ad751d83961299f348f5aa18c55c966588143442eb15aac86ab4489d62f464054346859570198ceacf7aca37f082eaf28c8653eab2eabfa4ef08f04c358f650

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBm

MD5 e5c0019799f496f073178e281d9a4b34
SHA1 96bd7d80ff361765119ad19e6b59d9c221a2857a
SHA256 b67735fbbd061e91a12b0ecfa31a7b8dfbd863ee996ea13237208baa6ed9e00d
SHA512 d5804b4d8b5a71363b3d2fc834e1e51091d096cc0115788cd0fc0e55a317f0518142ca3dfa4dadcd6fa7369494468c6c00ca98c167702115fe40975e5d4e508b

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOm

MD5 31eaa2a0f9b2613938e7e6fa761f2437
SHA1 8bd6597e316a831088875b7101bceb4773ce8c40
SHA256 b5fd61376434069e9331e05a733aeaa3a247c3edb03e2bac58da81a45a47a7f0
SHA512 e980519b3ac4f240f85748385dae2a9b9651a8ecdb14fdbb02966077da12b391950e29ca06d8b214bd97ac0be5bfb3dc6ef38942843b997d0c518191304ef9f3

memory/1600-118-0x0000000000000000-mapping.dmp

memory/1676-119-0x0000000000300000-0x000000000030D000-memory.dmp

\??\c:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.cmdline

MD5 a0b264b7c4b0815085a812e1fcf647bc
SHA1 4997e8a496a893d33502687cc5e5b4d4c28c79c1
SHA256 6951dfd6b330b82c8b3273f0a3d78521b61c09326e46df6a8c651c81b1430a8c
SHA512 ae2c5343c5e887fb660754ad6e059abe736a2861ac880c091e6ea019c5d558d26e2705ad2a2b19e36cf1922e48c6d9b0317c80b2b67e6d9d6255b7abe0c16323

\??\c:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.0.cs

MD5 de6b3732b71cffe5641e0d0338205287
SHA1 200584859e4d4501955d2068012558c2cf6f69a1
SHA256 b2d38110ac05ca0cf9afaa30a0f30fabe45c4dc881309475fec0a866a1b57d93
SHA512 51ca802fcd34f72c00877c26a89723425eaf944b945e01f19e534984ada562f75dc523f06c8c0ff1101d7b327e8fcda6e6cd1895529e42770cffd8b5a7d3dcb8

\??\c:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.0.cs

MD5 dda634ae6683c71e4e2a424b76a04f41
SHA1 0bb0a90cf29d79472add4b8cbcb2ab3ab71d2ebc
SHA256 5f3f6bc620ae0b56975bd24adb3137984b0524c7706fcda6ad67b0cea17aea21
SHA512 4d2657fec0de803affd1c44e912f41048419cbab4abe764b3ae412ccd3585a81fb470bb970aaff20dcb643fa6baf449c40ae8ae21444c6013c8d3e7c2509ca7a

\??\c:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.0.cs

MD5 22e401264feacf15cfebfbf79ad1e993
SHA1 cd24f47a0e96d8e48ecce264a03837eebeff4cbb
SHA256 36f5995dde798b429f6bf2915f1159c55a1adc26552a63cc6971c61fc5fe8ef4
SHA512 8cc76ed9d3b30403acb25d1303699f2965e59b2556878a33ee9a5ea0ad69f1ff05757d75a70160d7b29dd1095cee7e9808495eaf882b003dcd4e1b8ee0952a1f

\??\c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.0.cs

MD5 314f7940dcb145914613d3c72b93db66
SHA1 a59e6a9c5ded6ece177e49d1e2f388f723f23620
SHA256 3c81cb2dfe04b19917f8221dd8302314ba4d5ddeebbd335103140d918d77936a
SHA512 96b617dc4df3fc13be2cc7197e34079a02fa8d21e9bbc161e375944a1f3e8bbb76c8785604da531d6def7a457bdff44fcedd77102114b309ff7a27ee2d0a0e6d

\??\c:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.cmdline

MD5 db0c18cb36013e697ab59e53fcf148eb
SHA1 731afba6f7354bdc69c82c886b4b33ded9f180f7
SHA256 e2030f7d067a28bcdbfbbe9b04bc0df581adb2da341476e887493e5bec307e2a
SHA512 1f874e25caa22ba403d5ef552fd96f0577bab1f8fd9bf3980d3d3c0473aa70303b39295bbdbbdfa2519d3e38bf2b616a5792e283ed4d7effbe24cdc3822144d3

\??\c:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.cmdline

MD5 06ce0a86af77628cfe33e1f8b5ca6ddb
SHA1 7b0fe818f1bffff089fa605ba002563a770a74dd
SHA256 e1323e3ea2abeb1bf1415939db98a775aa434c37ae790df05efe8e6b599efdfa
SHA512 2f2a1a005be505392b3d8831448b96b1270ec74765bd831b15de00deae34e49cc99b027c03aba6c699854b4a94f326ab1014b6b5c17aebe6cde9d3caaef42ae5

\??\c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.cmdline

MD5 071b1290051e412de617ae08d13995cd
SHA1 2b0d4dde87ee921eb74bcb8cea4cb284dee2d524
SHA256 5c585e7700a7dc364d3c39073cf305bb6234ff811a2d5d08e51d564afe074649
SHA512 e3c2011ab47331de0fee73ff98271c14c357368b41cf080ccac700478c3a033201f0c026f76ed540731099e066285fd49d7a2d8237ad86e8237cb6c59a3d17cd

memory/1428-117-0x0000000000000000-mapping.dmp

memory/888-128-0x000000000040DC4E-mapping.dmp

memory/1948-116-0x0000000000000000-mapping.dmp

memory/2016-115-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYm

MD5 3a24b49023c9a54bdb25171475489445
SHA1 3e9a1bad0eea419c1427c4490f46ec185f9c2508
SHA256 a99fc163b86858519606951a13af776edc1bf7693fc8f0b5c7c4ec840c5f6414
SHA512 19fddbc47a8a417ece8529b5d016ec77e459d7f02bddb5e718085ee5a463b16823266aa7a90d805222565c9c69ed982524323f4b1ead75eff2b3a20bbce217cf

memory/556-107-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

memory/1728-103-0x0000000000220000-0x0000000000234000-memory.dmp

memory/292-102-0x0000000000CD0000-0x0000000000CE4000-memory.dmp

memory/892-97-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

C:\Users\Admin\AppData\Local\Temp\RES386F.tmp

MD5 f70cf495c18e1024ac0d399215f7ccdb
SHA1 92b2205374cc5bfd361e0a4a2d8ba3e460276871
SHA256 bf406aa4b060c46ade3cd5b8facec780fe7287876fa09de44cf2599d6faa5828
SHA512 c57413d1516b3ba511c8dfb89a35ce6f5c7a91159d171cb61473b94235f13447427ce8454e9e7afc92f4116ba6ebbfe10ddb2b9055eb241df947e6c6905c3644

C:\Users\Admin\AppData\Local\Temp\q5qh104c\q5qh104c.dll

MD5 3d230589416b71d7ab1f7de472c720b9
SHA1 4ba0e772e52043995d9a0b33bc247cca05e90e06
SHA256 17f68561bf89792a42ac3c70036e867d8137b7efdf0c772f88ab2a8e4bb9020a
SHA512 03c23217c9ba2a869dfa9ed77aa2a06e7deadd00767bc498a311688053e059c770881fed5d6c24992a46234ec0082e42704ace651ca6f65c958832f3a826fad2

memory/1676-154-0x00000000008A0000-0x00000000008AD000-memory.dmp

memory/556-162-0x0000000000930000-0x0000000000990000-memory.dmp

memory/2032-161-0x0000000000770000-0x0000000000814000-memory.dmp

memory/1728-160-0x0000000000670000-0x00000000006A0000-memory.dmp

memory/888-163-0x00000000712B0000-0x000000007185B000-memory.dmp

memory/268-159-0x0000000000000000-mapping.dmp

memory/292-158-0x0000000000610000-0x000000000064E000-memory.dmp

memory/768-157-0x0000000000000000-mapping.dmp

memory/1760-156-0x0000000000000000-mapping.dmp

memory/988-155-0x0000000000000000-mapping.dmp

memory/1608-153-0x0000000000000000-mapping.dmp

memory/608-152-0x0000000000000000-mapping.dmp

memory/1216-151-0x0000000000000000-mapping.dmp

memory/816-150-0x0000000000000000-mapping.dmp

memory/556-149-0x0000000000560000-0x00000000005C0000-memory.dmp

memory/292-148-0x0000000000200000-0x000000000023E000-memory.dmp

memory/2032-147-0x00000000005B0000-0x0000000000654000-memory.dmp

memory/1728-146-0x0000000000640000-0x0000000000670000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5r5glz2i\5r5glz2i.dll

MD5 02303df3c56e4538a5ccb5651d122af6
SHA1 a1fde88c1816dd1599fb5ed70b777cd941669185
SHA256 1169b14532ad86dc3c1fe4cabe6066f7e9393f5f8ebd639a0e690fc77fc8a83c
SHA512 5ae6d931d21170dd32fff48291617aaebfad3c18f6fcf9e531fa8014fc535a00e154cec672cfc37d8366dc13b19bd24deb02c3d42b3b6d808ac18824627f3fe4

C:\Users\Admin\AppData\Local\Temp\RES3881.tmp

MD5 d57de7fe0207347504688d4df48d054e
SHA1 44fa237c32da8eaec023a3e93d3b13c5df5552a0
SHA256 ccace2587d67805036cd9db1b275fb839818561c49b28fb9cccc226b33d6ae7c
SHA512 c6947c63234e5d21820fdbfa46ec8ab077dcff9bcbb51e88bee432287a61c0dd252ce51eb4184beb90c0f362ece28e946e2381385649d1f3adad9c3bb51272af

C:\Users\Admin\AppData\Local\Temp\RES387F.tmp

MD5 88a0e0448f6cbda4e6e17fd280781f53
SHA1 cee14073259a52fe566c747f88966b6b2ba7fcce
SHA256 4a4db62c72b10a919ac580c6c359e86e4f4393184a952586008db97a68984cf2
SHA512 f86dddae7b67f33ce5d2bd92a4964e5c36d376a045aea6c451ee375b653f0e77312b60643fde21afd60796ecf021d3b2c76a130365ea500361f9ef582c21599a

\??\c:\Users\Admin\AppData\Local\Temp\q5qh104c\CSC924F9C24A2CF4A8A86AA65A63969C8.TMP

MD5 5090a6eb5d5791cb4c385278d0d7f929
SHA1 53f14eb4b7845154ba9e4c29326172ef51c5e061
SHA256 ec3914ab0b677d06727dd9a63e087b90a929c577797682c6cfa8f89a7ce7de92
SHA512 7cdc217a3ede8b23522394c9ee181c188677be6124dfcd4fe48193930e42338e0fa77651dc292897c54eaf30eb2f217ff43a3c8f238eb86bbe13b584fa87a5c0

\??\c:\Users\Admin\AppData\Local\Temp\5r5glz2i\CSC15C52E756689490C90739BDDFB3042B4.TMP

MD5 3e2f2255a1dc653f07a69dd3533b39ec
SHA1 df239006c6ec43c25a5a8c6dc8579c16ce8169e8
SHA256 616573e56347f2fa11a1aed79ff3d9605bd1daa0d6cb5a38c36e5ab2f0eb4e24
SHA512 b4fbf3c674e61cd716ea6b91d4d75a3e4cf8119676ec776e232330f8cf3515c0ad8d39ae65fba03491c0a9cbf3a4a28a904135f8101288a8fe5af212e6175bea

C:\Users\Admin\AppData\Local\Temp\zutfxp54\zutfxp54.dll

MD5 c24331bcfc8bae95d029aadd1c7a5731
SHA1 247aa626158a86aec6fd448b6b9f17dc03715188
SHA256 a938de240e0909b12b3ecf1ec1a134b69ccc56e419ee80d001292c72568493b7
SHA512 d1131feef5fedf86ee76691659c5bb3d9964d0a539554977cb9dcaf0f79b879d909cd68b5410d356a6cf14395aea25bcfb7d0d6503ab98b2d96dbf12cf6918b3

C:\Users\Admin\AppData\Local\Temp\RES3880.tmp

MD5 52c15f47ad7c9668d1279cbfeee847e9
SHA1 0a6b296a4c3d6482c36b6b57a49b36641311164b
SHA256 044fe595216d57b2899730aa1ccebb9463c0634710c65eada433b14a05df3849
SHA512 516e5af2f917e1ca82720e86714b3e891aceee1deaf900304e2d681288dacdc3db1cdf11ae8eccbeafad985c923c187075b8056d392e9f380fe00a06530f1bc0

C:\Users\Admin\AppData\Local\Temp\hmbcwwbp\hmbcwwbp.dll

MD5 f0dc8e0edb8343d769265e5a737464e6
SHA1 04b7b75a0369e799cdf3eec340d258709b14a00d
SHA256 8a0ad44119bc9574896bbd4b056e753e265afb6f34491906af0dd21fefb437a4
SHA512 6bc2ea9bb64850c693eafa59e5d23dd9400cd1f6d271f9a1f302f73834b1b848a3d52c690b5e8cb0291fe5eb6bb0e494735dfd1835dffdbed159e7cb01ff3c68

\??\c:\Users\Admin\AppData\Local\Temp\zutfxp54\CSCCCD56D6EC80E4CBD8F4956BD50625331.TMP

MD5 4ff554d175469c033822c589e889c9b6
SHA1 442a1c0ec1c0fbe9343f085f699401ef316b0f58
SHA256 e8116f16a9ad2e8186f0115f60a5979ec43999a3b6e5e3b882872141fee31019
SHA512 9b2a144114307c41e1b4d06c415f9175492c129a776fca418dfa5faaffddfcdb66a1fc3dfc32fa9cce5a08c8c6cce1d2ffd6df4b4029f6c2de9884e23b1eb681

\??\c:\Users\Admin\AppData\Local\Temp\hmbcwwbp\CSCB18C683354CA4D239C8E508BF2CFF4.TMP

MD5 ce97eb0574f4259c6f8077bf228d35db
SHA1 dfc455c88b2d018bc1786c3effbdbf4d0d7eeb1c
SHA256 809becc7dbbe430211519798961121d3e33b5fdf1f6b18b837f693a4e504b0b1
SHA512 0659d26c7f204bf313072ac96ca1b57abf23b3f42493684a13ed8758f466129a1bb30b5e9a954fdd472129fb230bc5bfbe8548489744147e9a058a7c8a5152e4

memory/1588-133-0x0000000000000000-mapping.dmp

memory/1564-132-0x0000000000000000-mapping.dmp

memory/1980-131-0x0000000000000000-mapping.dmp

memory/1596-130-0x0000000000000000-mapping.dmp

\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

memory/1728-92-0x0000000000000000-mapping.dmp

memory/1728-164-0x00000000003E0000-0x00000000003F6000-memory.dmp

memory/2032-167-0x0000000000560000-0x00000000005A2000-memory.dmp

memory/1044-172-0x0000000000408D6E-mapping.dmp

memory/1088-176-0x000000000040DC4E-mapping.dmp

memory/860-174-0x000000000040586A-mapping.dmp

memory/1700-175-0x000000000041E792-mapping.dmp

memory/1088-180-0x0000000000400000-0x0000000000412000-memory.dmp

memory/1044-173-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1700-181-0x0000000000400000-0x0000000000438000-memory.dmp

memory/556-168-0x0000000000400000-0x0000000000428000-memory.dmp

memory/860-183-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1728-182-0x0000000000620000-0x0000000000623000-memory.dmp

memory/292-165-0x0000000000250000-0x000000000026A000-memory.dmp

memory/1700-184-0x0000000000470000-0x000000000047A000-memory.dmp

memory/1700-185-0x0000000000480000-0x000000000049E000-memory.dmp

memory/1700-186-0x00000000005A0000-0x00000000005AA000-memory.dmp

memory/1808-195-0x0000000000360000-0x0000000000390000-memory.dmp

memory/1216-198-0x0000000000000000-mapping.dmp

memory/920-200-0x0000000000000000-mapping.dmp

memory/1596-205-0x0000000000000000-mapping.dmp

memory/664-207-0x00000000005F0000-0x000000000062E000-memory.dmp

memory/1592-211-0x0000000000408D6E-mapping.dmp

memory/1112-216-0x0000000000000000-mapping.dmp

memory/1628-213-0x0000000000D40000-0x0000000000DE4000-memory.dmp

memory/1628-220-0x00000000011C0000-0x0000000001264000-memory.dmp

memory/1888-225-0x000000000041E792-mapping.dmp

memory/2004-224-0x000000000040586A-mapping.dmp

memory/1628-222-0x0000000000910000-0x0000000000952000-memory.dmp

memory/268-228-0x0000000000000000-mapping.dmp

memory/1200-230-0x0000000000000000-mapping.dmp

memory/1056-229-0x0000000000000000-mapping.dmp

memory/2016-232-0x0000000000000000-mapping.dmp

memory/268-233-0x0000000000240000-0x0000000000270000-memory.dmp

memory/1404-237-0x0000000000000000-mapping.dmp

memory/2004-239-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2024-238-0x0000000000000000-mapping.dmp

memory/268-241-0x0000000000510000-0x0000000000540000-memory.dmp

memory/268-242-0x0000000000210000-0x0000000000226000-memory.dmp

memory/984-244-0x0000000000408D6E-mapping.dmp

memory/1200-245-0x0000000000890000-0x00000000008CE000-memory.dmp

memory/2024-248-0x0000000000290000-0x00000000002F0000-memory.dmp

memory/1404-251-0x0000000004970000-0x0000000004A14000-memory.dmp

memory/2024-250-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/1404-246-0x0000000001180000-0x0000000001224000-memory.dmp

memory/1720-254-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1820-240-0x0000000000000000-mapping.dmp

memory/1200-236-0x0000000000680000-0x00000000006BE000-memory.dmp

memory/1696-235-0x0000000000000000-mapping.dmp

memory/1212-234-0x0000000000000000-mapping.dmp

memory/760-231-0x0000000000000000-mapping.dmp

memory/1760-219-0x00000000006A0000-0x0000000000700000-memory.dmp

memory/1748-217-0x0000000000000000-mapping.dmp

memory/1636-218-0x0000000000000000-mapping.dmp

memory/1680-214-0x0000000000000000-mapping.dmp

memory/1192-212-0x000000000040DC4E-mapping.dmp

memory/1760-208-0x00000000005C0000-0x0000000000620000-memory.dmp

memory/1808-206-0x00000000003B0000-0x00000000003E0000-memory.dmp

memory/1700-204-0x0000000004D45000-0x0000000004D56000-memory.dmp

memory/984-203-0x0000000000000000-mapping.dmp

memory/892-201-0x0000000000000000-mapping.dmp

memory/1936-202-0x0000000000000000-mapping.dmp

memory/1960-199-0x0000000000000000-mapping.dmp

memory/652-197-0x0000000000000000-mapping.dmp

memory/664-196-0x00000000005B0000-0x00000000005EE000-memory.dmp

memory/768-193-0x0000000000000000-mapping.dmp

memory/1760-194-0x0000000000000000-mapping.dmp

memory/1628-192-0x0000000000000000-mapping.dmp

memory/1708-191-0x0000000000000000-mapping.dmp

memory/1540-190-0x0000000000000000-mapping.dmp

memory/844-189-0x0000000000000000-mapping.dmp

memory/664-188-0x0000000000000000-mapping.dmp

memory/1808-187-0x0000000000000000-mapping.dmp

memory/888-255-0x00000000712B0000-0x000000007185B000-memory.dmp

memory/860-258-0x0000000000400000-0x000000000041D000-memory.dmp

memory/480-260-0x0000000001170000-0x0000000001214000-memory.dmp

memory/1708-262-0x00000000004A0000-0x00000000004D0000-memory.dmp

memory/2016-261-0x00000000003D0000-0x0000000000430000-memory.dmp

memory/1244-259-0x0000000000960000-0x000000000099E000-memory.dmp

memory/1244-263-0x00000000009A0000-0x00000000009DE000-memory.dmp

memory/480-265-0x0000000004970000-0x0000000004A14000-memory.dmp

memory/1708-269-0x00000000004D0000-0x0000000000500000-memory.dmp

memory/2016-270-0x00000000005A0000-0x0000000000600000-memory.dmp

memory/596-274-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1408-275-0x0000000000900000-0x000000000093E000-memory.dmp

memory/1980-276-0x0000000001020000-0x00000000010C4000-memory.dmp

memory/1408-277-0x00000000009E0000-0x0000000000A1E000-memory.dmp

memory/1980-280-0x00000000010C0000-0x0000000001164000-memory.dmp

memory/1192-281-0x00000000002B0000-0x00000000002E0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-31 07:08

Reported

2022-07-31 10:04

Platform

win10v2004-20220721-en

Max time kernel

155s

Max time network

211s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe"

Signatures

LimeRAT

rat limerat

NanoCore

keylogger trojan stealer spyware nanocore

WarzoneRat, AveMaria

rat infostealer warzonerat

njRAT/Bladabindi

trojan njrat

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.url C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4064 set thread context of 2384 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4064 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\System32\Conhost.exe
PID 4064 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\System32\Conhost.exe
PID 4064 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\System32\Conhost.exe
PID 4064 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 4064 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 4064 wrote to memory of 1064 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 1064 wrote to memory of 4580 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 1064 wrote to memory of 4580 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 1064 wrote to memory of 4580 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 4064 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 4064 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 4064 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2284 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2284 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 2284 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
PID 4064 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\vest.exe
PID 4064 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\vest.exe
PID 4064 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Users\Admin\AppData\Local\Temp\vest.exe
PID 4620 wrote to memory of 4368 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 4620 wrote to memory of 4368 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 4620 wrote to memory of 4368 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe
PID 1624 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\vest.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
PID 1624 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\vest.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
PID 1624 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\vest.exe C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe
PID 4580 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe C:\Windows\System32\Conhost.exe
PID 4580 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe C:\Windows\System32\Conhost.exe
PID 4580 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe C:\Windows\System32\Conhost.exe
PID 4368 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 4368 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 4368 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3164 wrote to memory of 800 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3164 wrote to memory of 800 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3164 wrote to memory of 800 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
PID 3520 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 3520 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 3520 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe
PID 4064 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
PID 4064 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe

"C:\Users\Admin\AppData\Local\Temp\9e25ec50b161a15ae2c729b35bd860c52fd73ccaf82fcc25e7a87320a6f13f9a.exe"

C:\Users\Admin\AppData\Local\Temp\Firefox.exe

"C:\Users\Admin\AppData\Local\Temp\Firefox.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe 1

C:\Users\Admin\AppData\Local\Temp\vest.exe

"C:\Users\Admin\AppData\Local\Temp\vest.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe 1

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe 1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe 1

C:\Users\Admin\AppData\Local\Temp\peggym.exe

"C:\Users\Admin\AppData\Local\Temp\peggym.exe"

C:\Users\Admin\AppData\Local\Temp\mediamall.exe

"C:\Users\Admin\AppData\Local\Temp\mediamall.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v2.0.50727\\\\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF184.tmp" "c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\CSCBF72C7957F5448C0BF7155DD2D3F9D78.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF406.tmp" "c:\Users\Admin\AppData\Local\Temp\vmxwxss3\CSCE8969110A474D6FB9301BB589568DD.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF50E.tmp" "c:\Users\Admin\AppData\Local\Temp\gltpphw5\CSC684DC0A9301240B0A8D0E4BB79D23CD3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF4C0.tmp" "c:\Users\Admin\AppData\Local\Temp\xhirshi5\CSC6758330FA11540DBB958A837CF45E88.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ff2se3bl\ff2se3bl.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDD8.tmp" "c:\Users\Admin\AppData\Local\Temp\ff2se3bl\CSCDC509340B9BA40D0B853A85560F025C6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDC9.tmp" "c:\Users\Admin\AppData\Local\Temp\uwhp1yml\CSC5E3D40F940C7435DB1983158A5F29A99.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uwhp1yml\uwhp1yml.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vlgpnwrx\vlgpnwrx.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1C0.tmp" "c:\Users\Admin\AppData\Local\Temp\oegfmztt\CSCC4D6349E897490397BB7434E3C04192.TMP"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1D0.tmp" "c:\Users\Admin\AppData\Local\Temp\ws1izuhe\CSC4FAC4FE0E85B4557ABEEE21A6754A763.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5nikjdbu\5nikjdbu.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES29B.tmp" "c:\Users\Admin\AppData\Local\Temp\vlgpnwrx\CSCD0816885D06A440696653634C76AE453.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ws1izuhe\ws1izuhe.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\oegfmztt\oegfmztt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF405.tmp" "c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\CSC499F2B105E284277ABA80A0766D2A61.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cfrx51w5\cfrx51w5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES904.tmp" "c:\Users\Admin\AppData\Local\Temp\cfrx51w5\CSC974D247BC3AE4485ADA14137B2D3640.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8D5.tmp" "c:\Users\Admin\AppData\Local\Temp\sgkurltt\CSC2C6B9731499D41A8B479C39F4C29652E.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sgkurltt\sgkurltt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2BA.tmp" "c:\Users\Admin\AppData\Local\Temp\5nikjdbu\CSCEBF138DA1AC54F10843ED10CF97C3B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF185.tmp" "c:\Users\Admin\AppData\Local\Temp\ubf3koi2\CSC74F450682ED44C19B164327F8C413AE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF126.tmp" "c:\Users\Admin\AppData\Local\Temp\cgd0huxz\CSCD87621FA32694A48876A4BEF7CC01BB3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF186.tmp" "c:\Users\Admin\AppData\Local\Temp\vck1k0sx\CSCC8E36BD8FF5248828336A51174D69796.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1151.tmp" "c:\Users\Admin\AppData\Local\Temp\y4q22dz5\CSCD862391C8D8647BD877AE7CEFA43AD.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1141.tmp" "c:\Users\Admin\AppData\Local\Temp\bzcdthsr\CSC86ED9A4534A14ACE8A47B31D4D2C6C8A.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES14CB.tmp" "c:\Users\Admin\AppData\Local\Temp\h2qkyd51\CSCC25E3A4FD28745DC9C5147A4F3831BDA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1613.tmp" "c:\Users\Admin\AppData\Local\Temp\hsgxkbl5\CSCC7865E7BEF7140178AA7A1498AF7F9B8.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES150A.tmp" "c:\Users\Admin\AppData\Local\Temp\1mimcnv3\CSCD419AF8AE5B44480B467EDCC5E25DEB6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES16BF.tmp" "c:\Users\Admin\AppData\Local\Temp\wa5zxzwr\CSCCCB57355B475464D83E6959A17347EEA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hsgxkbl5\hsgxkbl5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wa5zxzwr\wa5zxzwr.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES144E.tmp" "c:\Users\Admin\AppData\Local\Temp\dczngakj\CSCD8D4021E444E410698D84E28BF69A329.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES141F.tmp" "c:\Users\Admin\AppData\Local\Temp\yqd1mnj3\CSC611DE80769254F50A0CE9F42883DCC6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1mimcnv3\1mimcnv3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\h2qkyd51\h2qkyd51.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yqd1mnj3\yqd1mnj3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dczngakj\dczngakj.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B93.tmp" "c:\Users\Admin\AppData\Local\Temp\lnxcxaha\CSC48FD1E9ED78648818E0FEFEDBB8DEE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B92.tmp" "c:\Users\Admin\AppData\Local\Temp\1yqwk213\CSC875ACFC362D3454EB0B044AA7C516E8D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lnxcxaha\lnxcxaha.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1BEF.tmp" "c:\Users\Admin\AppData\Local\Temp\g50uuyt1\CSC78DDEBD67B39439585D6B05618B32C45.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g50uuyt1\g50uuyt1.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1yqwk213\1yqwk213.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bzcdthsr\bzcdthsr.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y4q22dz5\y4q22dz5.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sfdek5o1\sfdek5o1.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EBA.tmp" "c:\Users\Admin\AppData\Local\Temp\wncgvkjb\CSC9BC6410C973548F6A12E81799D48E5DA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3EC9.tmp" "c:\Users\Admin\AppData\Local\Temp\iutoenbq\CSC16C5162A6D5E4925B88F9E03A4CDEB5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iutoenbq\iutoenbq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wncgvkjb\wncgvkjb.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3F65.tmp" "c:\Users\Admin\AppData\Local\Temp\sfdek5o1\CSCA1E581BE54484C9E9AC3D626070BC90.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sz5rvh4l\sz5rvh4l.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4513.tmp" "c:\Users\Admin\AppData\Local\Temp\sz5rvh4l\CSCFD0F3A15CBFF495BB445B96DD21954E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES44F3.tmp" "c:\Users\Admin\AppData\Local\Temp\exm301ao\CSCEE68B886F19343C0ACF88CF8C728925B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\irq4kcnr\irq4kcnr.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\e4gm5x4k\e4gm5x4k.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\exm301ao\exm301ao.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES46B8.tmp" "c:\Users\Admin\AppData\Local\Temp\l3dachvp\CSC54EA1C5486FA408AAC7426DAA6DED49E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qldn0ynv\qldn0ynv.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qmoc4cp0\qmoc4cp0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES462C.tmp" "c:\Users\Admin\AppData\Local\Temp\irq4kcnr\CSC48606337A57042DEA95690F7DAC85A25.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qbbqc5ts\qbbqc5ts.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l3dachvp\l3dachvp.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES45AF.tmp" "c:\Users\Admin\AppData\Local\Temp\e4gm5x4k\CSC7D93EF4FF355466D871B275707E6E63.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4B1D.tmp" "c:\Users\Admin\AppData\Local\Temp\qbbqc5ts\CSCAB556854FB0D4FF28CEC2A7E862CD64A.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4CC3.tmp" "c:\Users\Admin\AppData\Local\Temp\qldn0ynv\CSC6F0E283B3862461E899F9085CC3F3AC2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mm1csj2x\mm1csj2x.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\swhxsjlj\swhxsjlj.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES509C.tmp" "c:\Users\Admin\AppData\Local\Temp\swhxsjlj\CSC7521B849E8204F80A27597E17F392D8.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w3k5oh5f\w3k5oh5f.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vcmsfqar\vcmsfqar.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4gbl5bfq\4gbl5bfq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5242.tmp" "c:\Users\Admin\AppData\Local\Temp\mhz5uirw\CSCE099E71522E54D73917636FA8F186D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5251.tmp" "c:\Users\Admin\AppData\Local\Temp\vcmsfqar\CSC6701DC44B27C46F2B499CECEE05DBDC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mhz5uirw\mhz5uirw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES52BF.tmp" "c:\Users\Admin\AppData\Local\Temp\4gbl5bfq\CSC5FF853BC85254703B7E7473D24A6E2C8.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iqcx4vt4\iqcx4vt4.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES54F1.tmp" "c:\Users\Admin\AppData\Local\Temp\iqcx4vt4\CSC87C4110C33414A7C88A0ECD614174C1F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\emofsb40\emofsb40.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hkty2our\hkty2our.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES586C.tmp" "c:\Users\Admin\AppData\Local\Temp\hkty2our\CSC811912DF49AC43298B14C4336F0364A.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES584C.tmp" "c:\Users\Admin\AppData\Local\Temp\emofsb40\CSC8765B179784A423E8747A2CDD0C1E3B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sw3rjnuy\sw3rjnuy.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5995.tmp" "c:\Users\Admin\AppData\Local\Temp\3fe1hhda\CSCFD8902802873466FA76D408ABFE447.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES59B4.tmp" "c:\Users\Admin\AppData\Local\Temp\52hib1sr\CSC4B1525E3C04E4ABEB3A57278BBA07EF7.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\epfn214h\epfn214h.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5B5A.tmp" "c:\Users\Admin\AppData\Local\Temp\wdpe2d0e\CSC77B8CBCB843344D6BFB828F3BB49A90.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5C73.tmp" "c:\Users\Admin\AppData\Local\Temp\epfn214h\CSC5B0C0FEB52B14F2A839980F6E0B2E04A.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yctcp2ll\yctcp2ll.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5D6D.tmp" "c:\Users\Admin\AppData\Local\Temp\yctcp2ll\CSC4CBC8E507DF4660949AC76E8F661FB5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gstcszz3\gstcszz3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5lx1dipk\5lx1dipk.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0dxyrt3d\0dxyrt3d.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5F71.tmp" "c:\Users\Admin\AppData\Local\Temp\0dxyrt3d\CSCA62E7ED337A64AF8A4DFAAD98B2BA4F2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5E28.tmp" "c:\Users\Admin\AppData\Local\Temp\gstcszz3\CSCC04A7F67B1F44B42AB4A253154C3061.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\o5sqagmm\o5sqagmm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES607A.tmp" "c:\Users\Admin\AppData\Local\Temp\5lx1dipk\CSCF2F0A3847221486BB39A6E8D2B95C43.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES629D.tmp" "c:\Users\Admin\AppData\Local\Temp\j2pkesnj\CSCDA6E0A17E39045758190EC8C37AAA85D.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6155.tmp" "c:\Users\Admin\AppData\Local\Temp\o5sqagmm\CSC3D8910956C84C59AA4B29CE78B3797.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j2pkesnj\j2pkesnj.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6107.tmp" "c:\Users\Admin\AppData\Local\Temp\gjoiqmvs\CSCD5411E29BFE4CF891CFFE3660B19195.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gjoiqmvs\gjoiqmvs.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\itovzfex\itovzfex.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dfpbbixm\dfpbbixm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES655C.tmp" "c:\Users\Admin\AppData\Local\Temp\zn41zuvp\CSC9DCD4ED454174971B7E14D51E859C391.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6618.tmp" "c:\Users\Admin\AppData\Local\Temp\itovzfex\CSC3E4DA321705A4A0AB9FE1E76216F596.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bqkigct0\bqkigct0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5dn2jup2\5dn2jup2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES680C.tmp" "c:\Users\Admin\AppData\Local\Temp\bqkigct0\CSC8D22055D54A14468A7A0D4D9979DA6CE.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1h2rjqcm\1h2rjqcm.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6B19.tmp" "c:\Users\Admin\AppData\Local\Temp\fkzjlxs3\CSC807CF6D693B84248AAA65AECEA225E4E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aejfhdew\aejfhdew.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6BB5.tmp" "c:\Users\Admin\AppData\Local\Temp\1h2rjqcm\CSC5717F8DCA44C493AA6F35CE1DE3D66FB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6CCE.tmp" "c:\Users\Admin\AppData\Local\Temp\l4hrserd\CSCF972E3247834413EA9D8D9B0CD2B41FF.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hsobzxge\hsobzxge.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6C23.tmp" "c:\Users\Admin\AppData\Local\Temp\aejfhdew\CSCDF371B5C35C14024BDC171C364C7C92D.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l4hrserd\l4hrserd.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6DD8.tmp" "c:\Users\Admin\AppData\Local\Temp\hsobzxge\CSC7CD82CFEBB0406197659FE55C6D9E80.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F9D.tmp" "c:\Users\Admin\AppData\Local\Temp\gjxsvypg\CSC2B5CB804639B4D6DB4F5C1B27C793B6.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7088.tmp" "c:\Users\Admin\AppData\Local\Temp\domlhds2\CSC1A3B30D897A40F7B0DC262247BC98E1.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES702A.tmp" "c:\Users\Admin\AppData\Local\Temp\xwsjqioc\CSCD4B5873F2B32453F894BCBC3A034B258.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\domlhds2\domlhds2.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xwsjqioc\xwsjqioc.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\c4iocfii\c4iocfii.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7395.tmp" "c:\Users\Admin\AppData\Local\Temp\2ysksv1m\CSC3BFC4ED7DD18416486BE33B5B4736D3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES73E3.tmp" "c:\Users\Admin\AppData\Local\Temp\c4iocfii\CSCC03974647A2143E7B7C93D163D8F686.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2ysksv1m\2ysksv1m.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\00haetur\00haetur.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES75A8.tmp" "c:\Users\Admin\AppData\Local\Temp\00haetur\CSCE48859E3A9AD4839B7B8D8A7F7C99FE5.TMP"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES76D1.tmp" "c:\Users\Admin\AppData\Local\Temp\fya21kak\CSCF5B596A0B4814454B78664FC5EF27F82.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES772F.tmp" "c:\Users\Admin\AppData\Local\Temp\nogtsrjh\CSC432EBFD486DD47388B4B81FF74B0869.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES776D.tmp" "c:\Users\Admin\AppData\Local\Temp\zex5ngbm\CSC982D720DB55F4203B4C4BDE07825973.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fya21kak\fya21kak.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nogtsrjh\nogtsrjh.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zex5ngbm\zex5ngbm.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gjxsvypg\gjxsvypg.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fkzjlxs3\fkzjlxs3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES69B2.tmp" "c:\Users\Admin\AppData\Local\Temp\5dn2jup2\CSC48CFA4A89C254C8997183CE73E8CC5B.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES658B.tmp" "c:\Users\Admin\AppData\Local\Temp\dfpbbixm\CSCC07F81E0BA4D487F8CB38EF18D68432A.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zn41zuvp\zn41zuvp.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5A40.tmp" "c:\Users\Admin\AppData\Local\Temp\sw3rjnuy\CSCD15761458C8049D3B0DAFEC49C3DA13F.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wdpe2d0e\wdpe2d0e.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\52hib1sr\52hib1sr.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3fe1hhda\3fe1hhda.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES553F.tmp" "c:\Users\Admin\AppData\Local\Temp\zrivjgft\CSCF4B1E01FA30E454284B85E8882276C9D.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zrivjgft\zrivjgft.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES52AF.tmp" "c:\Users\Admin\AppData\Local\Temp\w3k5oh5f\CSC730B410454944B4E88BB5036E42AB70.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES50DA.tmp" "c:\Users\Admin\AppData\Local\Temp\mm1csj2x\CSC36D1DE1D30C245CEAF32E4AA78A2271.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4B9A.tmp" "c:\Users\Admin\AppData\Local\Temp\qmoc4cp0\CSC782EA49843A04DA5AF8D951F393795BD.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n20ypzb5\n20ypzb5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q3wu1ove\q3wu1ove.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i0y00q34\i0y00q34.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lp4totxq\lp4totxq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB3CA.tmp" "c:\Users\Admin\AppData\Local\Temp\n20ypzb5\CSC83E4E8CFD6845AD9482B4BF1ACEB9FA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB4C4.tmp" "c:\Users\Admin\AppData\Local\Temp\lp4totxq\CSC88BB81C5680C47399991F47F5E6040B2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB551.tmp" "c:\Users\Admin\AppData\Local\Temp\i0y00q34\CSCA0284E1315004EA1AFF53E78EA1074F2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ionpxddq\ionpxddq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB4E4.tmp" "c:\Users\Admin\AppData\Local\Temp\q3wu1ove\CSC8DFA427776E04DA692EE34F578A547EB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB810.tmp" "c:\Users\Admin\AppData\Local\Temp\ionpxddq\CSC464146FB32D49898FB093445543FFFB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\muebynch\muebynch.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bb42vxf3\bb42vxf3.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBB9A.tmp" "c:\Users\Admin\AppData\Local\Temp\muebynch\CSC36F5FC0F61FB4809AE4F96BBBE9DA4FE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBBD9.tmp" "c:\Users\Admin\AppData\Local\Temp\bb42vxf3\CSCB3E97CB9A0324EF690563822401BC99E.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kf0qn0a5\kf0qn0a5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d2evy3tq\d2evy3tq.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cmcw20ev\cmcw20ev.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD9E.tmp" "c:\Users\Admin\AppData\Local\Temp\d2evy3tq\CSCC8EE32A7F9B44C5586A3F917343E34E.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\a1123r3p\a1123r3p.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD8E.tmp" "c:\Users\Admin\AppData\Local\Temp\kf0qn0a5\CSC104FF1FDA3B3463B9EF1ED4D3FE07.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rjaiosq3\rjaiosq3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBF73.tmp" "c:\Users\Admin\AppData\Local\Temp\a1123r3p\CSCE485374BDF274244BD2818B7F010EA5B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBDEC.tmp" "c:\Users\Admin\AppData\Local\Temp\cmcw20ev\CSC6C604D5B85B9456BB278C11F138015.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pbufuajb\pbufuajb.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC0F9.tmp" "c:\Users\Admin\AppData\Local\Temp\rjaiosq3\CSCAF793CD3972442F49B9297FBC4CBCCB8.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q1qxnzfi\q1qxnzfi.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC1B5.tmp" "c:\Users\Admin\AppData\Local\Temp\pbufuajb\CSC3E1C288B6256490184153D41769C5D71.TMP"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\axjsd2ic\axjsd2ic.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC31C.tmp" "c:\Users\Admin\AppData\Local\Temp\q1qxnzfi\CSC6946DA28878A42339A9C178C1DD51E4.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC407.tmp" "c:\Users\Admin\AppData\Local\Temp\axjsd2ic\CSC450863C4707646948A166E17444E40.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qo0dlf21\qo0dlf21.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rrqyekoq\rrqyekoq.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zui2ftaz\zui2ftaz.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rzo0wxhx\rzo0wxhx.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC57E.tmp" "c:\Users\Admin\AppData\Local\Temp\qo0dlf21\CSC1E10DA7AE804E1392EA915B1FFDEE87.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC60A.tmp" "c:\Users\Admin\AppData\Local\Temp\zui2ftaz\CSC23EE7A2AC0994436BF4449E7363DBF45.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC5FB.tmp" "c:\Users\Admin\AppData\Local\Temp\rrqyekoq\CSCB3DB6C309CBD4E9AB552396520971A57.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC678.tmp" "c:\Users\Admin\AppData\Local\Temp\rzo0wxhx\CSCC294DA8D25BD4560ABB9577B844919E0.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tkhtillt\tkhtillt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCA9E.tmp" "c:\Users\Admin\AppData\Local\Temp\tkhtillt\CSC5D2110F4E3A14C9C8458D16AD2FD6F5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cr1oj0l5\cr1oj0l5.cmdline"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n2zy4e5x\n2zy4e5x.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\by3gwnez\by3gwnez.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCB79.tmp" "c:\Users\Admin\AppData\Local\Temp\cr1oj0l5\CSCAFA2B9C3DCC4445683F9893976CD4D.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC44.tmp" "c:\Users\Admin\AppData\Local\Temp\n2zy4e5x\CSCBA6C915321004C5BADF0314B5BBF997.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC82.tmp" "c:\Users\Admin\AppData\Local\Temp\by3gwnez\CSC2AA04A884054FB7A7BCD1BBBA3C1AAE.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vserzocn\vserzocn.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4rxke5rj\4rxke5rj.cmdline"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCDCB.tmp" "c:\Users\Admin\AppData\Local\Temp\vserzocn\CSCA8AD62DE190B4A0A86A33F506AB8A575.TMP"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCEC5.tmp" "c:\Users\Admin\AppData\Local\Temp\4rxke5rj\CSCA1B0C0A18B3345B4BF2CA6E845FA888C.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w142g2uj\w142g2uj.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD07A.tmp" "c:\Users\Admin\AppData\Local\Temp\w142g2uj\CSC39B5E8E7327B423AA05E635C3FA86680.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p5f1g3bf\p5f1g3bf.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rqh0tcw3\rqh0tcw3.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD25E.tmp" "c:\Users\Admin\AppData\Local\Temp\p5f1g3bf\CSC64BEFCB37D204A208F9A67D1B525B33.TMP"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD339.tmp" "c:\Users\Admin\AppData\Local\Temp\rqh0tcw3\CSC51409A722B584BB4BB4619DB0E8EAEA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2oz15mib\2oz15mib.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gds104ua\gds104ua.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4z2g32yn\4z2g32yn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD3F6.tmp" "c:\Users\Admin\AppData\Local\Temp\gds104ua\CSC2CC52854E368458F93E1CD4CEBE2BDA5.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD3F5.tmp" "c:\Users\Admin\AppData\Local\Temp\4z2g32yn\CSC26E4821016874B69A3895E817B422D1.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD4B0.tmp" "c:\Users\Admin\AppData\Local\Temp\2oz15mib\CSCA1790CB6542E4BE2A1324853CA2611A6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\s5iuckv5\s5iuckv5.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\k1gkz3nv\k1gkz3nv.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD6D3.tmp" "c:\Users\Admin\AppData\Local\Temp\s5iuckv5\CSCB637080319174B89AAC2AFFA97707CE6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD869.tmp" "c:\Users\Admin\AppData\Local\Temp\k1gkz3nv\CSC8F63C5E9DB854CDCB921E6F7CA4EC4FA.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3iuqdwbj\3iuqdwbj.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB86.tmp" "c:\Users\Admin\AppData\Local\Temp\5jmcgfzv\CSCFCC97338AAA349C390B44A23442CE190.TMP"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aaxslwky\aaxslwky.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4dm4vv3d\4dm4vv3d.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC9F.tmp" "c:\Users\Admin\AppData\Local\Temp\aaxslwky\CSC2E37BE7DEBA248E6908672A031F66EA4.TMP"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDDA9.tmp" "c:\Users\Admin\AppData\Local\Temp\gjrhuzp5\CSCDB0B02883FB347A8AA32FAD0FA7933E6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDE45.tmp" "c:\Users\Admin\AppData\Local\Temp\hjswaiq5\CSC73F68856C309493EA1F6408D5B77F7.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDEF1.tmp" "c:\Users\Admin\AppData\Local\Temp\w5dzkv3h\CSC741FA231AFC54030A9A1BF2338797848.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hjswaiq5\hjswaiq5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l3ykmrdn\l3ykmrdn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE1D0.tmp" "c:\Users\Admin\AppData\Local\Temp\l3ykmrdn\CSCCDF92C69B02F43E0AC6E8FBAF21E72CD.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bavwseht\bavwseht.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qvmnyxjh\qvmnyxjh.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\w5dzkv3h\w5dzkv3h.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE2F8.tmp" "c:\Users\Admin\AppData\Local\Temp\bavwseht\CSCD083E03ED92B44C5A23027F19A7623AF.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDD2C.tmp" "c:\Users\Admin\AppData\Local\Temp\4dm4vv3d\CSCC37705A513B943B9938CBE78443AAEB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gjrhuzp5\gjrhuzp5.cmdline"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE4AE.tmp" "c:\Users\Admin\AppData\Local\Temp\qvmnyxjh\CSCD266FFF38BBD49EFB3AABDD67FE96FB.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE54A.tmp" "c:\Users\Admin\AppData\Local\Temp\1kacbee5\CSC4647CEF710E14268863D1273AE4C6A2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE5C7.tmp" "c:\Users\Admin\AppData\Local\Temp\uqedhja5\CSCD8654334907349C6AA12615B649F8A4.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ql14m1nz\ql14m1nz.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE663.tmp" "c:\Users\Admin\AppData\Local\Temp\jlzj5suv\CSC2D6D335E45CE4BD69F1640047F4697D.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4keoy2iw\4keoy2iw.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE71F.tmp" "c:\Users\Admin\AppData\Local\Temp\ql14m1nz\CSC4B8D7E8DEBB94AE49AA57AD26E81EF0.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pncmbyb4\pncmbyb4.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEAE8.tmp" "c:\Users\Admin\AppData\Local\Temp\vmogntkt\CSC70E42453FFC940CE86F6D25F9F453E3.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\a0uzqexo\a0uzqexo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEDB6.tmp" "c:\Users\Admin\AppData\Local\Temp\pncmbyb4\CSCE0AA7C7610E54A75906A737D97661B1.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEEB0.tmp" "c:\Users\Admin\AppData\Local\Temp\a0uzqexo\CSC7DED4B40FA144B84B12D6B6E45932C9A.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vmogntkt\vmogntkt.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE848.tmp" "c:\Users\Admin\AppData\Local\Temp\4keoy2iw\CSC31C4039D5760420099AB163221A3ED88.TMP"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jlzj5suv\jlzj5suv.cmdline"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uqedhja5\uqedhja5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1kacbee5\1kacbee5.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDBF4.tmp" "c:\Users\Admin\AppData\Local\Temp\3iuqdwbj\CSCF1C6D92E10BF4F4288B4A5629F4B7A1.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5jmcgfzv\5jmcgfzv.cmdline"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE12.tmp" "c:\Users\Admin\AppData\Local\Temp\jcg0pxlk\CSC5AA8504ED9964C3C8DB5C8C92CE1D477.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFDF3.tmp" "c:\Users\Admin\AppData\Local\Temp\2bhvvyen\CSC1F3B3691BDFF4D9E90296695F0814E7.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2bhvvyen\2bhvvyen.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jcg0pxlk\jcg0pxlk.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3BD6.tmp" "c:\Users\Admin\AppData\Local\Temp\r5qlatmo\CSCEE6BB00EB23A44A584EED2BFAC78AAC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\r5qlatmo\r5qlatmo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\upp31yzr\upp31yzr.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fiqv0z2n\fiqv0z2n.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ofhdvxf2\ofhdvxf2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A5D.tmp" "c:\Users\Admin\AppData\Local\Temp\fiqv0z2n\CSCEE01C851CDC4A3AAA895F4CDF5158F2.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4934.tmp" "c:\Users\Admin\AppData\Local\Temp\ofhdvxf2\CSCE65DF2E63BA54E7AAA9A61253EE367FA.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A4E.tmp" "c:\Users\Admin\AppData\Local\Temp\upp31yzr\CSC5241DF6C15DA4F2C9AA86FFF135B1CA6.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7805.tmp" "c:\Users\Admin\AppData\Local\Temp\fsahps2q\CSCFD06EB9E6E4042499C174B6B159AD1CD.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

"C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fsahps2q\fsahps2q.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7BED.tmp" "c:\Users\Admin\AppData\Local\Temp\3p3d2pm2\CSCF66345833B4C4C2F86CAA43E36929D77.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C1C.tmp" "c:\Users\Admin\AppData\Local\Temp\2rh4xkjo\CSC1CACC4BD8576497D866192753961374.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C0C.tmp" "c:\Users\Admin\AppData\Local\Temp\yx1wxnwf\CSCC55A748858A3483493C4DF59D6CA8946.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2rh4xkjo\2rh4xkjo.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yx1wxnwf\yx1wxnwf.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7CE7.tmp" "c:\Users\Admin\AppData\Local\Temp\n3iewcql\CSC5254396EB8F54817845716B78AACB7EC.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n3iewcql\n3iewcql.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3p3d2pm2\3p3d2pm2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p1yxrent\p1yxrent.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8275.tmp" "c:\Users\Admin\AppData\Local\Temp\sk2dt0vx\CSCB0023FBE9199448BBCA78F2C8E84E436.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES82A3.tmp" "c:\Users\Admin\AppData\Local\Temp\hoxtfdwn\CSCC638700098484BE096A77D2A845C9AC0.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hoxtfdwn\hoxtfdwn.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES82A4.tmp" "c:\Users\Admin\AppData\Local\Temp\p1yxrent\CSCD298D57338014F5682A08C4373E8772B.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sk2dt0vx\sk2dt0vx.cmdline"

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

"C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xm1hxvt0\xm1hxvt0.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES85D0.tmp" "c:\Users\Admin\AppData\Local\Temp\xm1hxvt0\CSC3E8145005BE47429C892E9A6C937E3.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1qa5adwx\1qa5adwx.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8A64.tmp" "c:\Users\Admin\AppData\Local\Temp\1qa5adwx\CSC5BF93E3FD5F541DDAC9A9E6486F47.TMP"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

"RWexPNpgWDiGsaZBma5.exe"

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

"C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eso2lhd2\eso2lhd2.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vsrjht44\vsrjht44.cmdline"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8DEE.tmp" "c:\Users\Admin\AppData\Local\Temp\eso2lhd2\CSCE5E77C4E35994B98A2A662B4AFDE279.TMP"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8E5B.tmp" "c:\Users\Admin\AppData\Local\Temp\vsrjht44\CSC39E0E65E2F83465296FF3C9E1ED03624.TMP"

Network

Country Destination Domain Proto
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 20.189.173.15:443 tcp
US 93.184.221.240:80 tcp
US 204.79.197.203:80 tcp
US 131.253.33.200:443 tcp
US 40.125.122.151:443 tcp
US 8.8.8.8:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
US 8.8.8.8:53 grounderwarone.rapiddns.ru udp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
US 8.8.8.8:53 164.2.77.40.in-addr.arpa udp
US 8.8.8.8:53 mediamall098.freedynamicdns.org udp
US 8.8.8.8:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
US 8.8.8.8:53 grounderwarone.rapiddns.ru udp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
BE 35.205.61.67:5500 grounderwarone.rapiddns.ru tcp
US 8.8.8.8:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
US 8.8.8.8:53 runnermank.rapiddns.ru udp
BE 35.205.61.67:9091 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp
BE 35.205.61.67:5500 runnermank.rapiddns.ru tcp

Files

C:\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

memory/2284-130-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\Firefox.exe

MD5 47f44cfb7a0d35f439d51f0a08bfc0ee
SHA1 b0067be1683bc777b879996aab8c7f0e41755a44
SHA256 6d7c532a743bc2d176a068381d22981d2dfd83f0f7a3f37db79e080033f18031
SHA512 9bd87a6429be5f634fe51e8ebbf13afe8497adbb3fc3779483fd22790396871b8c748b328abdd32b149f720256bcb721ee0c1b65c380c6a81f92329568778a71

C:\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

C:\Users\Admin\AppData\Local\Temp\mediamall.exe

MD5 55b63fd0aea1922e85b0be1dd8f3c135
SHA1 6aac775e028c07e2b51612f816476608b5f79e59
SHA256 99abdd0260b8bb8d93380bde7d1b8687927b664eae24d2ed01cf5f767b5d35fe
SHA512 8e85a6a5f7ed8349491c908ba73818913f2aac9f2e5c5cd734be0c34892e8938f2e8c929aabfd506e13a2d71f0b7a18877693f09427cde1e8cfa521fd5bab790

memory/1064-133-0x0000000000000000-mapping.dmp

memory/3164-142-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

memory/4368-148-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

memory/3520-151-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

C:\Users\Admin\AppData\Local\Temp\vest.exe

MD5 c566b68022d55c985c6aec1c335c9399
SHA1 82d8549981a6efe8121bf52994dc6960266018de
SHA256 a3aa9447e5ac9e6935acf478b8a14a1b5513a9e3ed4c52321f1f6e6443780873
SHA512 465a7c7b904929fadb2be7f14f13f127742e241739b649a20c1c633d1105e0073fb99c0b981e7e65563de5a3d24142a203ec3686c4fbc7b78a0c70d6800ec0fd

memory/1624-145-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

C:\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

memory/4064-154-0x00000000041F0000-0x00000000041FD000-memory.dmp

memory/3164-157-0x00000000000B0000-0x00000000000C4000-memory.dmp

memory/4580-158-0x00000000005C0000-0x00000000005D4000-memory.dmp

memory/3520-156-0x0000000000100000-0x0000000000114000-memory.dmp

memory/4368-155-0x00000000001F0000-0x0000000000204000-memory.dmp

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsm

MD5 464b5e0428e30047c46c986c4be661f2
SHA1 a45954016a6ceceb213726f65513cdaa176ec67d
SHA256 67180f5b16e22e49e67108daf109189e2f7421318c782521ecd2cf9ca1ea9c18
SHA512 3ad751d83961299f348f5aa18c55c966588143442eb15aac86ab4489d62f464054346859570198ceacf7aca37f082eaf28c8653eab2eabfa4ef08f04c358f650

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYm

MD5 3a24b49023c9a54bdb25171475489445
SHA1 3e9a1bad0eea419c1427c4490f46ec185f9c2508
SHA256 a99fc163b86858519606951a13af776edc1bf7693fc8f0b5c7c4ec840c5f6414
SHA512 19fddbc47a8a417ece8529b5d016ec77e459d7f02bddb5e718085ee5a463b16823266aa7a90d805222565c9c69ed982524323f4b1ead75eff2b3a20bbce217cf

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBm

MD5 e5c0019799f496f073178e281d9a4b34
SHA1 96bd7d80ff361765119ad19e6b59d9c221a2857a
SHA256 b67735fbbd061e91a12b0ecfa31a7b8dfbd863ee996ea13237208baa6ed9e00d
SHA512 d5804b4d8b5a71363b3d2fc834e1e51091d096cc0115788cd0fc0e55a317f0518142ca3dfa4dadcd6fa7369494468c6c00ca98c167702115fe40975e5d4e508b

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOm

MD5 31eaa2a0f9b2613938e7e6fa761f2437
SHA1 8bd6597e316a831088875b7101bceb4773ce8c40
SHA256 b5fd61376434069e9331e05a733aeaa3a247c3edb03e2bac58da81a45a47a7f0
SHA512 e980519b3ac4f240f85748385dae2a9b9651a8ecdb14fdbb02966077da12b391950e29ca06d8b214bd97ac0be5bfb3dc6ef38942843b997d0c518191304ef9f3

memory/2584-166-0x0000000000000000-mapping.dmp

memory/800-165-0x0000000000000000-mapping.dmp

memory/1756-164-0x0000000000000000-mapping.dmp

memory/1124-163-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

MD5 36b8c35ac4fdbc041b56e3f82d9d45b6
SHA1 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f
SHA256 b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df
SHA512 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756

C:\Users\Admin\AppData\Local\Temp\peggym.exe

MD5 86f5876cfa8abe5d8e7d47093dd035db
SHA1 ecee8c527bf81ad1e7614d8c6c9646a51d9fedc9
SHA256 8daa68a5321e5858ac8fcf919155cc5ed61b5729dab3a0401182d880e6010936
SHA512 e42711e1a50d4e21d63338555e39ccb5639ad0e17b08dd875ad0f3b6a754d449c9af20e329ba0ce86858fce2c6319406c94e3cc44ace75a4913a9750441d1f93

C:\Users\Admin\AppData\Roaming\bevMFfwWPWtAzjVYma5.exe

MD5 36b8c35ac4fdbc041b56e3f82d9d45b6
SHA1 20afeb9abd7ce0c730f78a8d97bb5da4029eed2f
SHA256 b639545e7198a511838a5419f75b33d1946676c6ec05764ff14ac36040ac27df
SHA512 470bcf15984291c8e592955606ad3b6b65146fe6054b0ba19c384438be562a7bec844b862bca8f1f340f2147cf6b02386e4e506e97ef13d85f1adf9be898d756

memory/4620-137-0x0000000000000000-mapping.dmp

memory/4580-136-0x0000000000000000-mapping.dmp

memory/2384-167-0x0000000000000000-mapping.dmp

\??\c:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.cmdline

MD5 28897149c2c87c70d479c5fe428bf413
SHA1 99b74693a5b4a3c37712c3a07e3cc9f8940ec8fe
SHA256 90fd47bbfa92330c43a47af9469c8697f7b09e2174780ced327595301ec087ea
SHA512 d5582db6ee0e83a7941d133fae655af31352926573a07853bb72df7c03b7cd2ed8ff562847b7c6d94fa5e915c4934e391be769d2a8aa76463b7cacde0be26fa0

\??\c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.cmdline

MD5 06874454cda05dd488b787f5e4ae063b
SHA1 119892a940f896119ddbb793fa17a28d08f8c14c
SHA256 59df959e3f1b7dc63eb7eba2b98285a95f567eda68d976e8dabc928847f084dd
SHA512 f1d462dc4e5b99a4ccd2a86c05ad31c980ca4e082365883f45e5bcfa5127079ba5235f539a57f62e50f0a0d9fc9fa44cf852eaaecf89077c896921a32714bd77

\??\c:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.0.cs

MD5 de6b3732b71cffe5641e0d0338205287
SHA1 200584859e4d4501955d2068012558c2cf6f69a1
SHA256 b2d38110ac05ca0cf9afaa30a0f30fabe45c4dc881309475fec0a866a1b57d93
SHA512 51ca802fcd34f72c00877c26a89723425eaf944b945e01f19e534984ada562f75dc523f06c8c0ff1101d7b327e8fcda6e6cd1895529e42770cffd8b5a7d3dcb8

\??\c:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.0.cs

MD5 22e401264feacf15cfebfbf79ad1e993
SHA1 cd24f47a0e96d8e48ecce264a03837eebeff4cbb
SHA256 36f5995dde798b429f6bf2915f1159c55a1adc26552a63cc6971c61fc5fe8ef4
SHA512 8cc76ed9d3b30403acb25d1303699f2965e59b2556878a33ee9a5ea0ad69f1ff05757d75a70160d7b29dd1095cee7e9808495eaf882b003dcd4e1b8ee0952a1f

\??\c:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.0.cs

MD5 314f7940dcb145914613d3c72b93db66
SHA1 a59e6a9c5ded6ece177e49d1e2f388f723f23620
SHA256 3c81cb2dfe04b19917f8221dd8302314ba4d5ddeebbd335103140d918d77936a
SHA512 96b617dc4df3fc13be2cc7197e34079a02fa8d21e9bbc161e375944a1f3e8bbb76c8785604da531d6def7a457bdff44fcedd77102114b309ff7a27ee2d0a0e6d

memory/4064-176-0x0000000004200000-0x000000000420D000-memory.dmp

\??\c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.0.cs

MD5 dda634ae6683c71e4e2a424b76a04f41
SHA1 0bb0a90cf29d79472add4b8cbcb2ab3ab71d2ebc
SHA256 5f3f6bc620ae0b56975bd24adb3137984b0524c7706fcda6ad67b0cea17aea21
SHA512 4d2657fec0de803affd1c44e912f41048419cbab4abe764b3ae412ccd3585a81fb470bb970aaff20dcb643fa6baf449c40ae8ae21444c6013c8d3e7c2509ca7a

\??\c:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.cmdline

MD5 3822b19231f85788ff95c7e3c470f01b
SHA1 7a86786a297fed86e17551a2116e9552a101f70a
SHA256 5fa7bd5755bc7b3bcf12ce5aed3b96ba465e197171cd45e9ceb031069be39d95
SHA512 9c700ed77ba05a0cc314d6ddea213a551e986395f212a90b709c13330fb50e5091c1c69e62b1c3ccbe5f9ae5706c8be205b517cb9bb179d8f708ba55adff01e2

\??\c:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.cmdline

MD5 d8db675d272916825a39fefec8cb8536
SHA1 337ebc424b1d63cf4f822090d224bcdf6dff27f6
SHA256 cdf871211face3a49d5368633f97db8b28c29c9e0825868a55cbf3c8cc129620
SHA512 5d3c357e2e4234a20d12a541e592a5a86699b50511f36de18dff02f966c62e89a11fbc09f0e8cb4cc88d654dde120a2db95f1ad92ddb4c014dac9f96c5ccc942

memory/2168-178-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\RESF184.tmp

MD5 fda318441aa89ceb627e2fd7532b3a65
SHA1 a8e620be295e809b4a542c3954edfaaf363ea2d5
SHA256 5b6d579ae7b43c8dfee78288aaab8fd5505c3f50953945b7dc14db3cea98137f
SHA512 a9993e9334868a4c5ebcd6bce819d09a49631fa083f226c54798765caf150e194d53668bf4dff0fce1d47e8eb51985a35bf58e4ca4e8dfee4d46d0710cb12b53

C:\Users\Admin\AppData\Local\Temp\RESF185.tmp

MD5 ecf42723a8ae92c6a17c2f121af9bba1
SHA1 7608139b4d834f39ee50b332a2257f83ca7cfa1c
SHA256 1ee41816355c3f4e116b665b1a3ec706079a94e746f27199f4da2beae7f25a02
SHA512 e976045d6e72f5eb749a352a558f27649ee7c87e8bf0272851f5bf7987a567b0d76610223ab7a3ff439d8da0c7410424dd01b85312f28557dac07205b49f5924

C:\Users\Admin\AppData\Local\Temp\cgd0huxz\cgd0huxz.dll

MD5 7bc1d7be6637c89109447f5dab617ffe
SHA1 b62a75ba333e79235ec96ee725cf373ee4296720
SHA256 09c98d98db96002f8fb709b610bdfb67821adde7fb5758b3d500429890e8a488
SHA512 589e3104b337af0c9ff91da992e2ed98ae3b471cacec7482d957e6d157b22496f20597499957677a9fea1ee1856eea0db3cbfd5c04a1dfcf468cca22b93efe80

C:\Users\Admin\AppData\Local\Temp\vck1k0sx\vck1k0sx.dll

MD5 c098fbe07268501ed5dbd708b356d2ae
SHA1 fef663d1718f551d2dc226f97be0150d3342a783
SHA256 b86f959a69cfae07ce3c98fb662640c411a80bb1b7c270272deddf6ccccd314f
SHA512 cc72deda98d65dc3a095105274165079c5e3e70255e0345a12dc7b6f5c56418dc45394dc388898e836b0a2e7c2b70d310bab76f71bb7071e20987b7b5adddada

memory/2384-193-0x0000000070220000-0x00000000707D1000-memory.dmp

memory/3676-195-0x0000000000000000-mapping.dmp

memory/3444-197-0x0000000000000000-mapping.dmp

\??\c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.0.cs

MD5 22e401264feacf15cfebfbf79ad1e993
SHA1 cd24f47a0e96d8e48ecce264a03837eebeff4cbb
SHA256 36f5995dde798b429f6bf2915f1159c55a1adc26552a63cc6971c61fc5fe8ef4
SHA512 8cc76ed9d3b30403acb25d1303699f2965e59b2556878a33ee9a5ea0ad69f1ff05757d75a70160d7b29dd1095cee7e9808495eaf882b003dcd4e1b8ee0952a1f

\??\c:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.0.cs

MD5 dda634ae6683c71e4e2a424b76a04f41
SHA1 0bb0a90cf29d79472add4b8cbcb2ab3ab71d2ebc
SHA256 5f3f6bc620ae0b56975bd24adb3137984b0524c7706fcda6ad67b0cea17aea21
SHA512 4d2657fec0de803affd1c44e912f41048419cbab4abe764b3ae412ccd3585a81fb470bb970aaff20dcb643fa6baf449c40ae8ae21444c6013c8d3e7c2509ca7a

C:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.dll

MD5 797faf693bab71433b576fe90d12f59f
SHA1 7dfc45fec6790e91e6a0784a25acb14ad55bd1d7
SHA256 5d086098f9694417555ed6b9f88e5f30a332db559cc65f4b7b11bfdd13217628
SHA512 d83f93a94d376afe9dbda46667240f1b18ac7cad9c5b25cc8b78e202376925863470a750d37850cb27f14be4baa2360a356f3a79d1f82716a0068eee6a06b278

\??\c:\Users\Admin\AppData\Local\Temp\gltpphw5\CSC684DC0A9301240B0A8D0E4BB79D23CD3.TMP

MD5 934c00fec7977a48adfb596906fdd044
SHA1 c2cccdbe4a1de6bfb79e7edb54c23ad4cf217d1f
SHA256 bc30604139ead3796e68336ddf60129df0f075553bd13daa3aadb3e9e9344b7e
SHA512 d2461d8ad1f33b8688a125331f829a19d4ad887296f9b375e2b1fa21ad0ee6297116eb7887cfe531a42319bcf6c186a9ab6773bb8b3af64767cde61e500cd051

memory/5024-216-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.dll

MD5 f8d9f352234c040e6a2d0f8b70d7a91a
SHA1 349dca74e57ebd3cf67892aa2a6b7be444a9455d
SHA256 a0f8c4ed28cc6cc967df187eeffbacb3b2407c30a2f860f68e2cda2e6365998c
SHA512 2e42626f7c42a78d61369cb7a9799dd8087dac8478c759041629fcf58a2b34262125fc4dff88ca70eb0665bf0d4d26e5d7929a3922ba15ea6543dd73edb702b1

\??\c:\Users\Admin\AppData\Local\Temp\xhirshi5\CSC6758330FA11540DBB958A837CF45E88.TMP

MD5 4f068881b4f02f5d600de73ff202865c
SHA1 b3103b2b25b1ccff5d6d39740c3fc5ae8c1fc7c5
SHA256 143a95fea952fe5c15f8b4b61ca07b9b00d33644e8800c9ae41666720c1250e5
SHA512 e82101ce7d0a71fb30e47f336c9d5a106cc19c4f54b9fc07c18717be323e3d162b80be22fbf8a9608420657a8ac474c7251c06c03984422a89ce2a28db5acbc5

C:\Users\Admin\AppData\Local\Temp\RESF405.tmp

MD5 f8da527aa95887f5c70e0c038f8a09ba
SHA1 cfde9bfe282516ccff7dc0e95cda80184901f78a
SHA256 e585a0a9669f1281bd5301fc3900dea45616b91c55a53c63950c5d55898b1bca
SHA512 08f8b0123c9ccf7220a9c1559ef810ce1b1a3fa3ccf54861f58e824f367d27add625cc93546437acedd74b2ead3003bf7a5bf7c3a92a9327c0a842d172ea370f

memory/3272-211-0x0000000000000000-mapping.dmp

\??\c:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.0.cs

MD5 de6b3732b71cffe5641e0d0338205287
SHA1 200584859e4d4501955d2068012558c2cf6f69a1
SHA256 b2d38110ac05ca0cf9afaa30a0f30fabe45c4dc881309475fec0a866a1b57d93
SHA512 51ca802fcd34f72c00877c26a89723425eaf944b945e01f19e534984ada562f75dc523f06c8c0ff1101d7b327e8fcda6e6cd1895529e42770cffd8b5a7d3dcb8

\??\c:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.cmdline

MD5 c29517e06f68d7f1863887b0c7b67d51
SHA1 b2f23ea50601f27965446cbdfad26913c6c5717f
SHA256 f42fd2d9a29d67d4eec8748c749fb7eb21348beb96375341a2f720eca4befbbc
SHA512 4d64faf1516e623c174284d2f7f18ec66d1a70d286eb4803eaa2f9eff702ade9977142d94e2353575e716209d430a102bdd8b52862000faa57dadcf5f13bc861

C:\Users\Admin\AppData\Local\Temp\RESF406.tmp

MD5 e5f3ca45f5d277262f47862a78416c12
SHA1 57bcdcd7314075a7f43cea9be0b98622d92e47f8
SHA256 34f16c8dbf28b808f70e3862bd81c694af1087e0cbbf3dcc461424f9f43e0993
SHA512 9a205379d0dd8a12623a57db7e3750c180e8c69e7a724de56c42d94414f2965a8052672379d1fb412731bee3afe85ad0ee6b6dd922a932e39d493231eeb187a8

C:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.dll

MD5 4789500298c0ac478f0fc414fac22373
SHA1 b1fd56f7f7539980ea12ddcf0426a6e449b54ac9
SHA256 c5e891f22ce2a22afbcd16a46e288b6485fd6ed3cb648e205a849470d66067aa
SHA512 e255114f8c1d0ed90a624a4a812b7149f42adf2950909d3671ea45459d5d96c91e348b8e7055287afc6642c7d6962eeab69c02481d188fbf3b218f84d954c3bb

C:\Users\Admin\AppData\Local\Temp\gltpphw5\gltpphw5.dll

MD5 2064701efcc8a1cd7e164428e48dfcce
SHA1 d22998ce6d841b99bb30df99ac7040cde9b111f2
SHA256 a19935ed02cd6fd01f1af98270da48e629b7bc1e2ab34010e285655ea45d4383
SHA512 2bfc68a60b71edc30444b11ff513cc07ae3a0ce7965901a6e1d8fcc83c5d935ee296306190a1e2ceb302d91936659519066ed9b82ed63b0e46c0ffc4a7c1658a

C:\Users\Admin\AppData\Local\Temp\RESF4C0.tmp

MD5 c93d7dd1aa7b2c045d6132f7ba775394
SHA1 f093aa8fffabf97726fb85385e66c014905f522c
SHA256 3162039c8f2ca2a14c2917848da4694c988539671387e72a5312ae34957bef30
SHA512 1f6485feacf2702dc16400ca805f9b992daa9479416db1ed73883c5daa4cb783986764471a67f1cf6822138b8795a272097b51652611621fe34fca7b7255dcc4

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

C:\Users\Admin\AppData\Roaming\RWexPNpgWDiGsaZBma5.exe

MD5 5481f39c9525bcfde68c447cac531494
SHA1 c9ba874c23488c37911f3432a8fc502521d29f3f
SHA256 83e06efd3b0dc617c619ad374edd5baa0e7f6e33a0add32ac45d08fa554adc7a
SHA512 38c279d62be6644cd8b2ac3407ab1c0c815190b19e85b4ad5fc15cc0795da88be1e7885995a661873a50e884ae066cbd979a5e26afafb87041c9ea3321bd7f42

memory/4308-230-0x0000000000400000-0x0000000000438000-memory.dmp

memory/4308-232-0x0000000005E70000-0x0000000006414000-memory.dmp

memory/4308-233-0x00000000058C0000-0x0000000005952000-memory.dmp

memory/1420-231-0x0000000004C50000-0x0000000004CEC000-memory.dmp

memory/1716-229-0x0000000000400000-0x0000000000412000-memory.dmp

memory/1420-228-0x0000000000400000-0x000000000040C000-memory.dmp

memory/3520-234-0x0000000004AD0000-0x0000000004AD3000-memory.dmp

memory/4308-235-0x0000000005770000-0x000000000577A000-memory.dmp

memory/2148-236-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2688-241-0x0000000000000000-mapping.dmp

memory/3924-245-0x0000000000000000-mapping.dmp

memory/4180-244-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\gfJcvbOdUUzVyPVOma5.exe

MD5 26094bb49f16575f9c682e7660722059
SHA1 69bdbc3de60f8881630851f34180ae45eeadfd65
SHA256 8638781084b6ec56a5f41040678218323ec6ce1f855913b983fbac186e6c5e20
SHA512 8bcf69087c6dcdbdb30c2e0929453718560eddfbb99349588d316dfeea7de28a11ea611fd0b17323bfe68725be2862afaebbfc76982be71bd594e0d72abdeb83

memory/3372-243-0x0000000000000000-mapping.dmp

memory/4952-240-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\pWkSUTapTJXqMSMsma5.exe

MD5 906b9bdf13fc83d238e75be6c9041d70
SHA1 a486d170b5581acb25a085df8cc63b6ac38d72f6
SHA256 8b915a8ea42ca50b31680a3abfa47f2492aded38dd59d23cea1cc748cdc554bd
SHA512 c14e16a21d6e9186134c10851c68cee156e8c9e2495c925f65f1d26948ba220c9d5274e24c115823b2b04e2b27a456f96a0ad4b2ede860aaf4ef5b8729cb9266

memory/1516-238-0x0000000000000000-mapping.dmp

memory/2820-237-0x0000000000000000-mapping.dmp

memory/4308-226-0x0000000000000000-mapping.dmp

memory/1716-223-0x0000000000000000-mapping.dmp

memory/2148-222-0x0000000000000000-mapping.dmp

memory/1420-225-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\RESF50E.tmp

MD5 6a826eea43e3223e434e604473913def
SHA1 18742b8adfd34e3007ea55a3bbd706f2536493ff
SHA256 bceb5874facb2f045c808c95ff7a774d2a958d45b069bc8472fa5966be6f6415
SHA512 fe2de45502775a610d779cbd47e546341a678845bd5df5fbab3df2a2ff2393900355302c5b159e5edac0097fd29676f944426aabc554446217317c128f2c5cf1

memory/5040-246-0x0000000000000000-mapping.dmp

memory/3592-250-0x0000000000000000-mapping.dmp

memory/4620-249-0x0000000000000000-mapping.dmp

memory/1064-248-0x0000000000000000-mapping.dmp

memory/4188-251-0x0000000000000000-mapping.dmp

memory/4572-252-0x0000000000000000-mapping.dmp

memory/4908-247-0x0000000000000000-mapping.dmp

\??\c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\CSC499F2B105E284277ABA80A0766D2A61.TMP

MD5 8dad1e667007a4030fb620fd43039e6a
SHA1 0dea7841b7e4dc853360e44bef815a02f0e9dd67
SHA256 c66e55175b6701c5f825881b7af19d3bbf42e7823eb25467ce0c3aaf042152d4
SHA512 b0f427bcbe3ce72a9923f564d2cb294bc75316c231e8330ef0ec6d184d2232c1ca46316f3f068ae7d0f9f5e719427d618aaf0fc9b20497daf2a7818e28aa024a

\??\c:\Users\Admin\AppData\Local\Temp\vmxwxss3\CSCE8969110A474D6FB9301BB589568DD.TMP

MD5 fa7858a5ba04b57d680d2c99a9fd516a
SHA1 91d73d292540de83ca377b302a772821fc63c43d
SHA256 135becb126e7212aaa3cafc11523f547435f2cb36d8df1354d2c0121f346be59
SHA512 4ac51d7b3287bbdae2b0cb1fe6fb21bc18f3d2a4bc30489d41adf319160e89b46ccbd7bc55103e99bf77ce30c1fa4f91690b9cf366c81825778d14a924ff6e88

\??\c:\Users\Admin\AppData\Local\Temp\xhirshi5\xhirshi5.cmdline

MD5 dbdf6a3195cd4651c451b3989c47b84d
SHA1 160627cc979cb1fbaf84fb1a314af3e285bdaa53
SHA256 fd07308a2f67230a4da32a4e4428bd49619bd3b712b64af32b1297df8a512d12
SHA512 8e5f8fc43ffa707b2446093f46987b3eb0610ea48642225a64e11462ab5017b8f855e348af35a8e4a3d9ad63348d065d34f364b0292e219b401d6733684316a5

memory/4284-203-0x0000000000000000-mapping.dmp

memory/3860-202-0x0000000000000000-mapping.dmp

\??\c:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.0.cs

MD5 314f7940dcb145914613d3c72b93db66
SHA1 a59e6a9c5ded6ece177e49d1e2f388f723f23620
SHA256 3c81cb2dfe04b19917f8221dd8302314ba4d5ddeebbd335103140d918d77936a
SHA512 96b617dc4df3fc13be2cc7197e34079a02fa8d21e9bbc161e375944a1f3e8bbb76c8785604da531d6def7a457bdff44fcedd77102114b309ff7a27ee2d0a0e6d

\??\c:\Users\Admin\AppData\Local\Temp\vdb1lnqw\vdb1lnqw.cmdline

MD5 66815a2ff3e8276b29b955dcb68fabe2
SHA1 eb5f27e4ce9fef4401ff9f3a95bb521ecbcbfc17
SHA256 9b2c9935e48ac2b24c11699b19b787bc0ab4ae00fedb9db368129f0f442b4390
SHA512 b6b4d513b0a49f5716010d0cc7c4d5cd28448be0217106fd9996970562e44f2c5712e7f4a2a9d1d31f0ae8d2c694c672f58d84003371c9bb814673cbcc767646

\??\c:\Users\Admin\AppData\Local\Temp\vmxwxss3\vmxwxss3.cmdline

MD5 077eed42fa54e8ec95d66a5cc0af1965
SHA1 b4336e555f11ddab9b1edbdb2d95e92a3269a2eb
SHA256 4fea64ef318f328172c1903df41c6be21df71e58fb01fe325bcfc39c66af35e9
SHA512 7aa73fa2c44cceedb5b4e9815b47b38ba3a4ecc62a4f68bee2d4ed4b617f275954f04d34606a0c2778a4c971acb409b25dfdced1b67bd8a05cdc489b9cf1f1e2

memory/5068-196-0x0000000000000000-mapping.dmp

memory/2680-194-0x0000000000000000-mapping.dmp

memory/4572-257-0x00000000013E0000-0x00000000013E1000-memory.dmp

memory/2892-258-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4876-259-0x0000000000000000-mapping.dmp

memory/3752-260-0x0000000000000000-mapping.dmp

memory/2892-256-0x0000000000000000-mapping.dmp

memory/4292-261-0x0000000000000000-mapping.dmp

memory/3976-255-0x0000000000000000-mapping.dmp

memory/2116-254-0x0000000000000000-mapping.dmp

memory/4432-253-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\ubf3koi2\ubf3koi2.dll

MD5 505e9166eccddb74ce233283d87fe62c
SHA1 b47696589946055773c6c4b398e25c5731cfc0ca
SHA256 4889bc432d7516b3f10d93024a90e42d0c6513095c9a0fe5f573b00d744e1898
SHA512 932eefbb082c4c405ac339150def17b8726e28f39321a34673c9956952a53e8a0169995ee46118312a90e819487ba2e2d20b42480df2d20c7955485323a8474d

C:\Users\Admin\AppData\Local\Temp\tf1oz4jb\tf1oz4jb.dll

MD5 10f34eac822120f596cd59992c2ebcc7
SHA1 174ab2a21a6936b5eaf317312da8f729c27fdb6c
SHA256 94d1327d57ff240bea74befa35321dcac21ae93c59fe7d55ba19ad86707e497d
SHA512 7241fc2c3ff3d8d3ce2c34ee1f1741b2fc2b199fb21c53736ceb4db8da7ba94a8fa3a976297935135852fd9373da3f239788cce4d14d29533ba895c10def018e

C:\Users\Admin\AppData\Local\Temp\RESF126.tmp

MD5 45f2bdaf6bc4c0165110b9a78cdf71d4
SHA1 93989e30faaa0c43eee72978af8ecddc7a708038
SHA256 80dc59558e83acff6c19174ceac67468afd1e9b27456f7c9ca112f30ebfb1891
SHA512 8c55343068d35d93abbf509fb3a84268f4cc1920864646e049cc0d7adef67c4a92cc987a63527a177f45047632133b88473cdd1688cfb9b4b730c401317f421c

C:\Users\Admin\AppData\Local\Temp\RESF186.tmp

MD5 0ef1cfb895b350ff10b393c61f9256b6
SHA1 31583a3c3d0113b76c3a145cf7f9c804782da9ab
SHA256 1807956ec897f35bd86d0e50e2d6e77152c687ef03792c14f98346d9dcf9e5d0
SHA512 741e0eab84041c5bc95f67de32097a19b95abadbff580db7ba3b0f87a9f19dfa5de0d5731b85d88048f3ff0ca7ba1ebf288b8a74cc4f0525bf62d950ac0cd05a

\??\c:\Users\Admin\AppData\Local\Temp\ubf3koi2\CSC74F450682ED44C19B164327F8C413AE.TMP

MD5 2eed4aabc6bf343bdd643aac89d7a6a4
SHA1 f13bfd561a4fffae2e19cea8b095ac053619f722
SHA256 f8f28e6f8c794204574f4d3c86502f06ae86128a2e07c5b325091882a0487a54
SHA512 62f61872184755104facf5b93843e0b55e98e902bac23837b7a6c8b7e2113a763f8f951fac89bb17f41755e888dda591af69ba5d17c0021d2eb093c244a79ffe

\??\c:\Users\Admin\AppData\Local\Temp\vck1k0sx\CSCC8E36BD8FF5248828336A51174D69796.TMP

MD5 a5b365e9cbde284c9b22b48286248dc6
SHA1 cf85dd06ce820199e5c6eb11e75f87ce0a87ce2c
SHA256 0f537f79745bc0daa9cc8d4fcb9905aa6f6880dbe02b0500a583f73b449cce01
SHA512 acb1c3b8de1434db6456812adfb1aaa970e06df27bb5712af950d3894fac43eb9ec9104cc81269ddc83f668f446672dbbbb67b4c54865f1c400ba80a14174b17

\??\c:\Users\Admin\AppData\Local\Temp\tf1oz4jb\CSCBF72C7957F5448C0BF7155DD2D3F9D78.TMP

MD5 0e1e39e7f503ee0bc0da83bd810c6ddc
SHA1 6898fc34016d3468d4008f85b65682e782c903aa
SHA256 ddde74604bf8bc4e5cbc11318f35b6572a573645d32a1bc991bdfcf53d460d74
SHA512 cd26d731ef4cbac767d08779d832cf729054f8465f07e654f58670b46b28a857e0f98b04e1bceef3cb12406e6493baf12da05320fb362a0513431dbda41e69c2

\??\c:\Users\Admin\AppData\Local\Temp\cgd0huxz\CSCD87621FA32694A48876A4BEF7CC01BB3.TMP

MD5 5d2e77176030e2284a16b73aefb4fc78
SHA1 451cb847aed8c5f2dff65531984c082add3ec251
SHA256 39d169edc6cc9b9a95e43ccbe7d5a84ed3a9e538457059af4aa49457a9ed912c
SHA512 787240cc25381a974398e35faf87e071629c28521e7e55951a9c8933215ef7405bbec0640a9104c24704b361fddc94b571481d00ca6eb20d511c90619609b1f6

memory/1556-180-0x0000000000000000-mapping.dmp

memory/828-179-0x0000000000000000-mapping.dmp

memory/4260-177-0x0000000000000000-mapping.dmp

memory/2736-262-0x0000000000000000-mapping.dmp

memory/1428-266-0x0000000000000000-mapping.dmp

memory/2864-265-0x0000000000000000-mapping.dmp

memory/2836-268-0x0000000000000000-mapping.dmp

memory/964-267-0x0000000000000000-mapping.dmp

memory/3364-269-0x0000000000000000-mapping.dmp

memory/3480-270-0x0000000000000000-mapping.dmp

memory/2736-271-0x0000000000550000-0x0000000000551000-memory.dmp

memory/4512-264-0x0000000000000000-mapping.dmp

memory/4240-275-0x0000000000000000-mapping.dmp

memory/3784-276-0x0000000000000000-mapping.dmp

memory/4692-277-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3880-274-0x0000000000000000-mapping.dmp

memory/3824-273-0x0000000000000000-mapping.dmp

memory/3872-272-0x0000000000000000-mapping.dmp

memory/1808-263-0x0000000000000000-mapping.dmp

memory/2384-278-0x0000000070220000-0x00000000707D1000-memory.dmp

memory/4520-279-0x0000000000F90000-0x0000000000F91000-memory.dmp

memory/2148-280-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2892-281-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4692-282-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4796-283-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1864-284-0x0000000001190000-0x0000000001191000-memory.dmp

memory/3196-286-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5084-287-0x0000000000D90000-0x0000000000D91000-memory.dmp

memory/536-288-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4932-289-0x0000000001500000-0x0000000001501000-memory.dmp

memory/4208-291-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

memory/2700-290-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4796-292-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1604-293-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4264-294-0x00000000014B0000-0x00000000014B1000-memory.dmp

memory/4984-295-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1948-296-0x0000000000400000-0x000000000041D000-memory.dmp

memory/260-297-0x00000000007E0000-0x00000000007E1000-memory.dmp

memory/4984-285-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4944-298-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

memory/3196-299-0x0000000000400000-0x000000000041D000-memory.dmp

memory/536-300-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2700-301-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1604-302-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1948-303-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2428-304-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4592-305-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4240-306-0x00000000014D0000-0x00000000014D1000-memory.dmp

memory/3184-307-0x0000000000400000-0x000000000041D000-memory.dmp

memory/628-308-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/3012-309-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5056-310-0x00000000017F0000-0x00000000017F1000-memory.dmp

memory/4300-311-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5192-313-0x00000000009F0000-0x00000000009F1000-memory.dmp

memory/2428-312-0x0000000000400000-0x000000000041D000-memory.dmp

memory/6080-315-0x0000000000D10000-0x0000000000D11000-memory.dmp

memory/5956-314-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4592-316-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4772-317-0x0000000001140000-0x0000000001141000-memory.dmp

memory/3184-318-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3012-319-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4300-320-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5956-321-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4620-322-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5632-323-0x00000000019B0000-0x00000000019B1000-memory.dmp

memory/4396-324-0x0000000000400000-0x000000000041D000-memory.dmp

memory/6032-325-0x00000000013F0000-0x00000000013F1000-memory.dmp