b297a3e0403dc3b27fcd955c9a00efb0b757da79bc3de9bba4e14a89d30a330c

Analysis

max time kernel
151s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2023 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

1024.0MB
MD5

eaad183f45933c9a0555faa8fc11ad18
SHA1

18f60cb6fc480c630ebb7840a0ce221204c1a35d
SHA256

001089c78854b89c19d1636239e822160f1e84d3ffd1f60d59907e075c71c7a0
SHA512

4b8c93e501a1be9d1b819089d6e7fb5b29c9b355acb2b9018b19cf5e675b5d3c3630ac861a4a2ad576984cce48d5e5c651d431b18d60decce6837fa6fa720791
SSDEEP

393216:yqvNmrbQZmAPE6a2/vVyBTVKc7c85j4euNCb/9rEaQWwdKmleIw6v0vo:X8A8l2/oWcI8j4euC/dEaPwdKmAIxvM

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

UAC bypass 3 TTPs 2 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

AnyDesk.exeConhost.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	AnyDesk.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	Conhost.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Conhost.exeAnyDesk.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\readme = "C:\\Users\\Public\\readme.exe"	Conhost.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	AnyDesk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\readme = "C:\\Users\\Public\\readme.exe"	AnyDesk.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	Conhost.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid	process
4976	powershell.exe
4976	powershell.exe
3576	powershell.exe
3576	powershell.exe
3648	powershell.exe
3648	powershell.exe
4472	powershell.exe
4472	powershell.exe
428	powershell.exe
428	powershell.exe
3708
3708
1644	powershell.exe
1644	powershell.exe
3652	powershell.exe
3652	powershell.exe
1092	powershell.exe
1092	powershell.exe
4076	powershell.exe
4076	powershell.exe
4472	powershell.exe
3576	powershell.exe
4976	powershell.exe
3708
428	powershell.exe
1644	powershell.exe
3648	powershell.exe
1092	powershell.exe
3652	powershell.exe
4076	powershell.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	4976	powershell.exe
Token: SeDebugPrivilege	3576	powershell.exe
Token: SeDebugPrivilege	4076	powershell.exe
Token: SeDebugPrivilege	3652	powershell.exe
Token: SeDebugPrivilege	4472	powershell.exe
Token: SeDebugPrivilege	1644	powershell.exe
Token: SeDebugPrivilege	3708
Token: SeDebugPrivilege	3648	powershell.exe
Token: SeDebugPrivilege	1092	powershell.exe
Token: SeDebugPrivilege	428	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AnyDesk.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exeConhost.exe

description	pid	process	target process
PID 376 wrote to memory of 616	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 616	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 616	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 808	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 808	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 808	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 60	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 60	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 60	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 3956	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 3956	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 3956	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 3500	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 3500	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 3500	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 1052	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 1052	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 1052	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4928	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4928	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4928	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4820	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4820	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4820	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 1028	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 1028	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 1028	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4588	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4588	376	AnyDesk.exe	cmd.exe
PID 376 wrote to memory of 4588	376	AnyDesk.exe	cmd.exe
PID 808 wrote to memory of 1092	808	cmd.exe	powershell.exe
PID 808 wrote to memory of 1092	808	cmd.exe	powershell.exe
PID 808 wrote to memory of 1092	808	cmd.exe	powershell.exe
PID 4928 wrote to memory of 1644	4928	cmd.exe	powershell.exe
PID 1028 wrote to memory of 428	1028	cmd.exe	powershell.exe
PID 4928 wrote to memory of 1644	4928	cmd.exe	powershell.exe
PID 4928 wrote to memory of 1644	4928	cmd.exe	powershell.exe
PID 1028 wrote to memory of 428	1028	cmd.exe	powershell.exe
PID 1028 wrote to memory of 428	1028	cmd.exe	powershell.exe
PID 1052 wrote to memory of 3576	1052	cmd.exe	powershell.exe
PID 1052 wrote to memory of 3576	1052	cmd.exe	powershell.exe
PID 1052 wrote to memory of 3576	1052	cmd.exe	powershell.exe
PID 4820 wrote to memory of 4976	4820	cmd.exe	powershell.exe
PID 4820 wrote to memory of 4976	4820	cmd.exe	powershell.exe
PID 4820 wrote to memory of 4976	4820	cmd.exe	powershell.exe
PID 3500 wrote to memory of 4076	3500	cmd.exe	powershell.exe
PID 3500 wrote to memory of 4076	3500	cmd.exe	powershell.exe
PID 3500 wrote to memory of 4076	3500	cmd.exe	powershell.exe
PID 3956 wrote to memory of 4472	3956	cmd.exe	powershell.exe
PID 3956 wrote to memory of 4472	3956	cmd.exe	powershell.exe
PID 3956 wrote to memory of 4472	3956	cmd.exe	powershell.exe
PID 616 wrote to memory of 3652	616	cmd.exe	powershell.exe
PID 616 wrote to memory of 3652	616	cmd.exe	powershell.exe
PID 616 wrote to memory of 3652	616	cmd.exe	powershell.exe
PID 60 wrote to memory of 3648	60	cmd.exe	powershell.exe
PID 60 wrote to memory of 3648	60	cmd.exe	powershell.exe
PID 60 wrote to memory of 3648	60	cmd.exe	powershell.exe
PID 4588 wrote to memory of 3708	4588	cmd.exe	powershell.exe
PID 4588 wrote to memory of 3708	4588	cmd.exe	powershell.exe
PID 4588 wrote to memory of 3708	4588	cmd.exe	powershell.exe
PID 3708 wrote to memory of 4284	3708		Conhost.exe
PID 3708 wrote to memory of 4284	3708		Conhost.exe
PID 3708 wrote to memory of 4284	3708		Conhost.exe
PID 4284 wrote to memory of 1812	4284	Conhost.exe	cmd.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

AnyDesk.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" AnyDesk.exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- UAC bypass
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- System policy modification
PID:376
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:616
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3652
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:808
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1092
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:60
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3648
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3500
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4076
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3576
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1644
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4472
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:428
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    3⤵
    PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
      4⤵
      PID:4284
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        5⤵
        
        PID:1812
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        6⤵
        
        PID:5320
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        5⤵
        
        PID:4744
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        6⤵
        
        PID:5332
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        5⤵
        
        PID:3540
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        6⤵
        
        PID:5364
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        5⤵
        
        PID:3100
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        6⤵
        
        PID:5380
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        5⤵
        
        PID:4824
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        6⤵
        
        PID:5372
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        5⤵
        
        PID:4556
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        6⤵
        
        PID:5388
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        5⤵
        
        PID:3432
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        6⤵
        
        PID:5396
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        5⤵
        
        PID:2832
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        7⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        8⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        9⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        9⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        8⤵
        
        PID:4724
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        9⤵
        UAC bypass
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:4284
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        8⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        8⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        8⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        10⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        11⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        12⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        11⤵
        
        PID:724
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        12⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        13⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        14⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        15⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        16⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        17⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        18⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        19⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        20⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        21⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        22⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        23⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        24⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        25⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        26⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        27⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        28⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        29⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        30⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        31⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        32⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        33⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        34⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        35⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        36⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        35⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        36⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        37⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        38⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        39⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        38⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        39⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        40⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        41⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        42⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        41⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        42⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        43⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        44⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        45⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        44⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        45⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        46⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        47⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        48⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        47⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        48⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        49⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        50⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        51⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        52⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        53⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        53⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        54⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        53⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        54⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        53⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        54⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        53⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        53⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        54⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        53⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        54⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        53⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        54⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        53⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        54⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        53⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        54⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        50⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        51⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        50⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        51⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        50⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        51⤵
        
        PID:784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        50⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        51⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        50⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        51⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        50⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        51⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        50⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        51⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        50⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        51⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        50⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        51⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        47⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        48⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        47⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        48⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        47⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        48⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        47⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        48⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        47⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        48⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        47⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        48⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        47⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        48⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        47⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        48⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        44⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        45⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        44⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        45⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        44⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        45⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        44⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        45⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        44⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        45⤵
        
        PID:424
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        44⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        45⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        44⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        45⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        44⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        45⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        41⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        42⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        41⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        42⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        41⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        42⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        41⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        42⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        41⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        42⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        41⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        42⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        41⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        42⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        41⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        42⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        38⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        39⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        38⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        39⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        38⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        39⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        38⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        39⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        38⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        39⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        40⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        38⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        39⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        38⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        39⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        38⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        39⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        35⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        36⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        35⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        36⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        35⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        36⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        35⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        36⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        35⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        36⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        35⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        36⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        35⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        36⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        35⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        32⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        33⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        32⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        33⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        32⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        33⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        32⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        33⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        32⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        33⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        32⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        33⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        32⤵
        
        PID:404
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        33⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        32⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        33⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        32⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        33⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        29⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        30⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        29⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        30⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        29⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        30⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        29⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        30⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        29⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        30⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        29⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        30⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        29⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        30⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        29⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        29⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        30⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        26⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        27⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        26⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        27⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        28⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        26⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        27⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        26⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        27⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        26⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        27⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        26⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        27⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        26⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        27⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        26⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        27⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        26⤵
        
        PID:812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        27⤵
        
        PID:632
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        23⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        24⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        23⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        24⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        23⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        24⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        23⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        24⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        23⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        23⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        24⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        23⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        24⤵
        
        PID:832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        23⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        24⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        23⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        24⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        20⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        21⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        20⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        21⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        20⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        21⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        20⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        21⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        20⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        21⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        20⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        21⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        20⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        21⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        20⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        21⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        20⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        21⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        17⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        18⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        17⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        18⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        17⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        18⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        17⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        18⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        17⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        18⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        17⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        18⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        17⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        18⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        17⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        18⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        17⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        18⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        14⤵
        
        PID:672
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        15⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        14⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        15⤵
        
        PID:952
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        14⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        15⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        14⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        15⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        14⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        15⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        15⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        14⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        15⤵
        
        PID:616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        14⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        15⤵
        
        PID:936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        14⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        15⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        14⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        15⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        11⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        12⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        11⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        12⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        13⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        11⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        12⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        11⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        12⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        11⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        12⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        11⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        12⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        11⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        12⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        11⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        12⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        9⤵
        
        PID:6468
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        5⤵
        
        PID:3244
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        6⤵
        
        PID:5352
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        5⤵
        
        PID:2076
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        6⤵
        
        PID:5344
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4976

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
1⤵
PID:3756

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:2832

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
1⤵
PID:2276

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
1⤵
PID:6548

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
1⤵
PID:4612
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
  2⤵
  PID:3416
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
    3⤵
    PID:4628
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
      4⤵
      PID:3900
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
    3⤵
    PID:6276
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
      4⤵
      PID:5532
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    3⤵
    PID:4516
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        5⤵
        
        PID:5784
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        6⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        11⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        12⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        13⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        12⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        13⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        14⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        15⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        16⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        17⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        18⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        19⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
        20⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        21⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
        21⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        18⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        19⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        18⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        19⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        18⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        19⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        18⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        19⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        18⤵
        
        PID:904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        19⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        18⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        19⤵
        
        PID:672
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        18⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        19⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        18⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        19⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        18⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        19⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        15⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        16⤵
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        15⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        16⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        15⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        16⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        15⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        16⤵
        
        PID:212
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        15⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        16⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        15⤵
        
        PID:312
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        16⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        15⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        16⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        15⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        16⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        15⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        16⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        12⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        13⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        12⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        12⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        13⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        12⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        13⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        12⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        12⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        12⤵
        
        PID:320
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        12⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        10⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        9⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        9⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        10⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        9⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        10⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        10⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        10⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        10⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        9⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        10⤵
        
        PID:3204
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        6⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
        7⤵
        
        PID:7504
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        6⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
        7⤵
        
        PID:8052
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        6⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
        7⤵
        
        PID:6924
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        6⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
        7⤵
        
        PID:8108
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        6⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
        7⤵
        
        PID:1772
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        6⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp
        7⤵
        
        PID:7896
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        6⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
        7⤵
        
        PID:6480
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        6⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
        7⤵
        
        PID:7388
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        6⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local
        7⤵
        
        PID:3192
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
    3⤵
    PID:4588
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Music
      4⤵
      PID:6272
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
    3⤵
    PID:2204
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
      4⤵
      PID:668
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
    3⤵
    PID:4076
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Documents
      4⤵
      PID:832
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
    3⤵
    PID:3340
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public
      4⤵
      PID:8140
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
    3⤵
    PID:5628
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionProcess "C:\Users\Public\readme.exe
      4⤵
      PID:7148
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
    3⤵
    PID:5192
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
    3⤵
    PID:4840

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
1⤵
PID:5740

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop
1⤵
PID:5808

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Public\Downloads
1⤵
PID:64

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads
1⤵
PID:8084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
33b19d75aa77114216dbc23f43b195e3

SHA1
36a6c3975e619e0c5232aa4f5b7dc1fec9525535

SHA256
b23ced31b855e5a39c94afa1f9d55b023b8c40d4dc62143e0539c6916c12c9d2

SHA512
676fa2fd34878b75e5899197fe6826bb5604541aa468804bc9835bd3acabed2e6759878a8f1358955413818a51456816e90f149133828575a416c2a74fc7d821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
124edf3ad57549a6e475f3bc4e6cfe51

SHA1
80f5187eeebb4a304e9caa0ce66fcd78c113d634

SHA256
638c51e173ca6b3469494a7e2e0b656021a761f77b4a83f3e430e82e7b9af675

SHA512
b6c1a9051feeffad54ba1092fd799d34a9578368d7e66b31780fe478c1def0eb4094dce2879003f7389f2f9d86b94a3ef3975e78092a604597841c9b8db120ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
a0f0ee267de7facd3e9969e683e1f70e

SHA1
786b270476f79c2498362afbf25deddadb2ff340

SHA256
ca6a3b57fb3d087fa79011f2b61958998de86d4683f466fe338fd3ff6ee14fa2

SHA512
a131c1c3af555feffa110c4658f2609034f146f5cc5970bee54c39b2558a2340798136efcb130edcb3e1add0197d8188bf7c9036d89ac7736fd1aa3fa40bc5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
0786131f3533385458fc3a61790755c2

SHA1
c29d77f0d8d58c58613a34312ddb4a17882f09d2

SHA256
d28a5473125bf64fa9cbb4c81d9f553ed91b3fab0826556ef27311e5b393d4f8

SHA512
2261185c73f269090e096c846438ae6fceada3bf029ce9070cdffd83d65f5e04012c0a430c5280a4f8647a9ff8eb279375f7ea2a37307f6d91086cbb0a0393db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
06b232cdecfcb5e38d2df9205ff4f90f

SHA1
3241db2a4a4b47f75d76920a99abc1d064ffaac6

SHA256
a3fbfb1b69f3792d189cd0493953b9250f5f1b0e3342d374ce7723794d151097

SHA512
aa8c1eb8595948109d81cb7a8d01d554c6fdba47cd0b84463427d654142546d4d7e996875825408a281398643437df9a90a4a90a63142e3560146f83a1c4aa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
d936881a64b33cc68fef349ad3d25d17

SHA1
f95a900673aa8b838b6f04dcc97f83e501b20ba5

SHA256
74864c7863c8e66dc8eb21b239ee5b35ea861d61b08d2c49eb57284ba55a9d31

SHA512
62934cf3cdff9e925551e1f48ac75c7c666f78e5dde017027648886c8798192a1794f81a545155aa5e130731cb44d344d3c2233f43a50042b3b6ce931c24d269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
d936881a64b33cc68fef349ad3d25d17

SHA1
f95a900673aa8b838b6f04dcc97f83e501b20ba5

SHA256
74864c7863c8e66dc8eb21b239ee5b35ea861d61b08d2c49eb57284ba55a9d31

SHA512
62934cf3cdff9e925551e1f48ac75c7c666f78e5dde017027648886c8798192a1794f81a545155aa5e130731cb44d344d3c2233f43a50042b3b6ce931c24d269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
45209815fe443a36aa290ac5f6a56f62

SHA1
9a7e82321afb0ba2b20ee1719dd85c5ca6782c11

SHA256
7e04431cca1b8aa93730285cfe0843eddef8a1a61b573fab1cccd7d43b572612

SHA512
04cc6a5ab975a5a4de4424ed49f4ab0845bfbb511e90c7f5a11cbcc95a7e4d7631286722484ce67c8ef21ee49e4a0e3e890dd13904aeecee286d28ecbfbacda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
47e7ca6f2d78ff763c8cd65c3c553e77

SHA1
fa6d5b6a29932224ccb2d93207345f77ea002682

SHA256
ba10725df81b3ae924d8530d49b3dbc8e6f8d199ab9c5432ea5364609632e4bd

SHA512
79f4455ade889ca8df9e172fbbd956b94d749c9bc818ad7e488da16225bae3cf46db82693d37ece85e571f75bacf3baf596b03d87c2c453847d44d8063500d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
e56ad7cb05828c9cb7e7958a7b14562b

SHA1
834e8c8ca926fba93a58b7dd4cbfb2e98508faf8

SHA256
73b9d9c64471fde7c9f5063326c857583f9e81166f01ce70b3bd6b0912cc8a5f

SHA512
8e6477467462a8baa90affa7302818c1bfce4ce319a0734b1491814a9fc73b63eaaa69903572d165a9c2822f3a5c3d913a92b1d1924c184641f9ad19e5fe83f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
6d69d89a8012c8ef94b0ea37cc3e9b27

SHA1
d584e9facc2426e9d0c5d20dd8d888941c244144

SHA256
17f6fd56362e70bb5da584f81d590184ee07aa23ba77f1c140af3fb699986b2b

SHA512
017b06fdaf646609b82b5fdee89ee86c1043f267d8d775f66b962247ca86fe1703f1bcba8201ddf0e519db19649fa6468961edbfe14d828d15bfb218d69724d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
6d69d89a8012c8ef94b0ea37cc3e9b27

SHA1
d584e9facc2426e9d0c5d20dd8d888941c244144

SHA256
17f6fd56362e70bb5da584f81d590184ee07aa23ba77f1c140af3fb699986b2b

SHA512
017b06fdaf646609b82b5fdee89ee86c1043f267d8d775f66b962247ca86fe1703f1bcba8201ddf0e519db19649fa6468961edbfe14d828d15bfb218d69724d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
6d69d89a8012c8ef94b0ea37cc3e9b27

SHA1
d584e9facc2426e9d0c5d20dd8d888941c244144

SHA256
17f6fd56362e70bb5da584f81d590184ee07aa23ba77f1c140af3fb699986b2b

SHA512
017b06fdaf646609b82b5fdee89ee86c1043f267d8d775f66b962247ca86fe1703f1bcba8201ddf0e519db19649fa6468961edbfe14d828d15bfb218d69724d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
a840f289595ba310050462e6c33907d9

SHA1
5dceab463709745c82bee7fbe0aca1752f37f6b8

SHA256
fc52905cb8590d30a242f63d22a8ee1c38053b5669d5f63d068b0796bf100437

SHA512
cb8dc8f36d1ef06aafc9877e259da7bc68bc909558c31303fb7aa2d6779fdcc6aee657dc4dbddb2a7ba9bf444a8c08811e55d26970391a4cfc09600a259be611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
110312a4ac2ce0c8a94e987852001559

SHA1
0dc737ebd6c5f4cc6fd2f6c3c8c586246797d521

SHA256
07c8866fa61bcba5b7f20be27e749056861c9e8ee40bb6322fec72e0966a9bed

SHA512
27d789252034f1d5860cf1d364a7144d7dbf86c81541a0a61d7b4a524441af2937a91498776a6fc9eaf3d1fb1bbc4ee14b90e06c09e0049752c302ff105a9521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
110312a4ac2ce0c8a94e987852001559

SHA1
0dc737ebd6c5f4cc6fd2f6c3c8c586246797d521

SHA256
07c8866fa61bcba5b7f20be27e749056861c9e8ee40bb6322fec72e0966a9bed

SHA512
27d789252034f1d5860cf1d364a7144d7dbf86c81541a0a61d7b4a524441af2937a91498776a6fc9eaf3d1fb1bbc4ee14b90e06c09e0049752c302ff105a9521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
110312a4ac2ce0c8a94e987852001559

SHA1
0dc737ebd6c5f4cc6fd2f6c3c8c586246797d521

SHA256
07c8866fa61bcba5b7f20be27e749056861c9e8ee40bb6322fec72e0966a9bed

SHA512
27d789252034f1d5860cf1d364a7144d7dbf86c81541a0a61d7b4a524441af2937a91498776a6fc9eaf3d1fb1bbc4ee14b90e06c09e0049752c302ff105a9521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
e7723ed058532a176bda1515be2ea215

SHA1
3a07e2830c2368a2e7a734ecd5e87e2d6aa4a005

SHA256
15fed1e11e0cad2c9a640cdca2216a973bf1ffaf96855a3fc7b7d662dd0e6a0e

SHA512
ae71f6cf322d61878d87da19e4c9e8089513c8a8d57d63671119218537eb7da2a2240e603ebe1dc66666df7e72e3d450ef7c9bbc46f4cc8f7834e6248c3735a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
e7723ed058532a176bda1515be2ea215

SHA1
3a07e2830c2368a2e7a734ecd5e87e2d6aa4a005

SHA256
15fed1e11e0cad2c9a640cdca2216a973bf1ffaf96855a3fc7b7d662dd0e6a0e

SHA512
ae71f6cf322d61878d87da19e4c9e8089513c8a8d57d63671119218537eb7da2a2240e603ebe1dc66666df7e72e3d450ef7c9bbc46f4cc8f7834e6248c3735a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
d7d267611912e9ccf7107fb1e584d81e

SHA1
5df77bac1366683bc027de7538ddb5f51b212a15

SHA256
004445a36a159c06bc777a95a0fff5cb42e2d27884f23e5aef9f9ef0b87e9180

SHA512
d613bbd70e20fc737b24083f903b31cbecedc1a6be5d829485ff50007a5b0275c37df80fb472b72c184570faae48be2158e42e2303166e5b9d6ec5fb367302a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
54ee40be891429305dd63cc5b104f512

SHA1
4dcb9d3aa1d1413932f355dec7024552f245272f

SHA256
9a4c580ce37c8ad15a820983706f0c772922026a77e82d969667475c6aff4771

SHA512
6ddfbc9ca257581ed3f321000d1cb30b630b50a9686bef5888093bebfbf4b35eb02a56feac560dc3e84a36077deb7ae4024909811044a1164be49d8cea0e1c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
9208bbe44eeb81d8da2000db5b3ffb63

SHA1
c17cd4911eeca66a2796170034c355c01de4b8b5

SHA256
39434fdf679ff5a452e27a736659c3b79fc9dc89dd5436d6dbd8b77dbd20e28b

SHA512
b7a09cf638ec0c57e56c7c4acdc906c6701fb6bb1c0f2ca4695a4efc11c9cb0de138bfa150b0b997b0001c0e98738f8ecc0cde95846d477279a59eeeeb158d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
9208bbe44eeb81d8da2000db5b3ffb63

SHA1
c17cd4911eeca66a2796170034c355c01de4b8b5

SHA256
39434fdf679ff5a452e27a736659c3b79fc9dc89dd5436d6dbd8b77dbd20e28b

SHA512
b7a09cf638ec0c57e56c7c4acdc906c6701fb6bb1c0f2ca4695a4efc11c9cb0de138bfa150b0b997b0001c0e98738f8ecc0cde95846d477279a59eeeeb158d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
677c9ae9d5adbc3993074d9b5887047f

SHA1
b051b7e0963b7f494b4f176cee3bb70e9b2eff5e

SHA256
1c74a5a0d67308e245ea5875310674990e921ade4df83e76e3473be3b58179e2

SHA512
26fdb86767dba5dc0d3fcc8df641cffb2add0090c5b5f4f77788c963a87ce75d87d856ef6965a45b6a7bf83c5a917c6a5f4eef486824108cb0fa195ec10d8afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
c53760854573867f6422949f5e89b946

SHA1
4b6d1829a260c73c9ea9723ce72c1e6bd8817295

SHA256
5af3c071a39b701437a3d826a1713d623e9f3c2ae6d0b8b03cb15446429f716c

SHA512
f65a8d5c773a305ee9ccb94c4d63905b0c395f0982638374f78c5c1395161e0c667ea82e8527bd4a121f925c967c344faeb8b62a8a5292fa7d7db0300c2bf34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
c53760854573867f6422949f5e89b946

SHA1
4b6d1829a260c73c9ea9723ce72c1e6bd8817295

SHA256
5af3c071a39b701437a3d826a1713d623e9f3c2ae6d0b8b03cb15446429f716c

SHA512
f65a8d5c773a305ee9ccb94c4d63905b0c395f0982638374f78c5c1395161e0c667ea82e8527bd4a121f925c967c344faeb8b62a8a5292fa7d7db0300c2bf34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
c53760854573867f6422949f5e89b946

SHA1
4b6d1829a260c73c9ea9723ce72c1e6bd8817295

SHA256
5af3c071a39b701437a3d826a1713d623e9f3c2ae6d0b8b03cb15446429f716c

SHA512
f65a8d5c773a305ee9ccb94c4d63905b0c395f0982638374f78c5c1395161e0c667ea82e8527bd4a121f925c967c344faeb8b62a8a5292fa7d7db0300c2bf34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
f900ac4f3aa4b5db814d992f93db7a5b

SHA1
a33a99fb7cdfed26f384348f972a94524af06b16

SHA256
f686c04a2863fffd6ead4eaa30e8f177f83e8731f3eed3c07e9309d69ed125fd

SHA512
05aa1b862c176d33942d018c048033e3a97e1e80ce9c3f85cffa7a3b7e0582c75d88118f53b04a5fdbf4a6c46f98572f9e48f0a99ee3b0777de1b929f4676d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
f900ac4f3aa4b5db814d992f93db7a5b

SHA1
a33a99fb7cdfed26f384348f972a94524af06b16

SHA256
f686c04a2863fffd6ead4eaa30e8f177f83e8731f3eed3c07e9309d69ed125fd

SHA512
05aa1b862c176d33942d018c048033e3a97e1e80ce9c3f85cffa7a3b7e0582c75d88118f53b04a5fdbf4a6c46f98572f9e48f0a99ee3b0777de1b929f4676d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
3cb4094e9d2af7e8786f2c84b32fe2ca

SHA1
f4f8a8995d74589f4d01a834782f5863c0563779

SHA256
e129c7faf3be08b40afbf683748a2e9b055f237d5aae3df96ecbdb00a74053ed

SHA512
95b35881773375f619b221ce24151a667295e58e345453d2e29b46fb6726f64a29c3fdda9c2b91d84c8e228e3ea204fecf0bfb6dd82a2c36edd6d7282a50442f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
3cb4094e9d2af7e8786f2c84b32fe2ca

SHA1
f4f8a8995d74589f4d01a834782f5863c0563779

SHA256
e129c7faf3be08b40afbf683748a2e9b055f237d5aae3df96ecbdb00a74053ed

SHA512
95b35881773375f619b221ce24151a667295e58e345453d2e29b46fb6726f64a29c3fdda9c2b91d84c8e228e3ea204fecf0bfb6dd82a2c36edd6d7282a50442f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
43a06dab87f523fd6d5c034154dc4416

SHA1
7fdba466cd5c5093e541d3561e8c0d69c9b88d56

SHA256
743d58c20904b91328ef1de7006397322be168f640d40723ad53654b19447d38

SHA512
9d7498f6d63d9388981e32866dd02609bdc622c7902b3e391d165a1659b40a7cc0aa03d1c72ed14ee9683b52bacc994233882a3267ca8a194c01455b264810ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
43a06dab87f523fd6d5c034154dc4416

SHA1
7fdba466cd5c5093e541d3561e8c0d69c9b88d56

SHA256
743d58c20904b91328ef1de7006397322be168f640d40723ad53654b19447d38

SHA512
9d7498f6d63d9388981e32866dd02609bdc622c7902b3e391d165a1659b40a7cc0aa03d1c72ed14ee9683b52bacc994233882a3267ca8a194c01455b264810ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
9c149b668fcb05aff634f0a42f0a509b

SHA1
240040d70f13c648eaf397c53b4749d798602081

SHA256
833eebfba5f4e4580600ad50c45728bf23327952959acf78f3017d2d96a7a7d4

SHA512
91ccf0bebdbe7176214ff4327564b49f5fd36d26ef34c34bbced2f76f4ffa5ce2144c5200915087ce790dbc8b4f74958aaf8e7ba3bbbe0ccd649e848d688a240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
9c149b668fcb05aff634f0a42f0a509b

SHA1
240040d70f13c648eaf397c53b4749d798602081

SHA256
833eebfba5f4e4580600ad50c45728bf23327952959acf78f3017d2d96a7a7d4

SHA512
91ccf0bebdbe7176214ff4327564b49f5fd36d26ef34c34bbced2f76f4ffa5ce2144c5200915087ce790dbc8b4f74958aaf8e7ba3bbbe0ccd649e848d688a240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
5cdc5e0b0e9b3e82c1e0087575163fd7

SHA1
675071e8833cea15879bfb038f8c45ac37eb73ac

SHA256
a250c9a1d78b99188ffebc5307a0a5e5fb817e4909c4ad6a253523c197e4d3a0

SHA512
57459be316970ff0c6d8034a9446f3458d3d52729dc12feb26fbf03f751d3848efa51ff4bfc6fd73a750800575e34780228a51ce5410f20d13e269666baa48e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
11KB

MD5
d20b26827781e5fd636efaa5b48445f7

SHA1
141c4d6088b58df248c158f5aad4271bba764a85

SHA256
b3713d83adc4e1d03aeb7a7c78bdf029c978d4790510d7e0be76fee1d6bc62d7

SHA512
b54595687dc0a8ae2ad2a0a3652c256e6c88feba36575007fd43e70cedab7a529769fd2c7897074e370e9245edb267d533621761573c8e277611842fd8980c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
e97a110e3cef90674806e253219e68fc

SHA1
0b69ded81b5edd4ce3a21679653474b5a46f535c

SHA256
d7fb6f12e86d109014529aa60f29c0ede3493ac17c69f4403ed192b633a23078

SHA512
30ad27ed991dc0bd5566aac15252db805a9892f86c1682f29931e7a0be7288330800bffcb3a2ea54a2195294a183c56b1936c9d810d61dffecdd54d2b2f64d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
e97a110e3cef90674806e253219e68fc

SHA1
0b69ded81b5edd4ce3a21679653474b5a46f535c

SHA256
d7fb6f12e86d109014529aa60f29c0ede3493ac17c69f4403ed192b633a23078

SHA512
30ad27ed991dc0bd5566aac15252db805a9892f86c1682f29931e7a0be7288330800bffcb3a2ea54a2195294a183c56b1936c9d810d61dffecdd54d2b2f64d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
eba8c3bb4b1fb4ed033fd1cdbce3479f

SHA1
c57b32efb3e60b3226aac56d88f88f7f69ce1d43

SHA256
fc98e9e6699f15894500c676847ff41fc78f6b976570464ea0f00463d91d788d

SHA512
cba9c7117737592cff5358925eca5ac3dfc14b2f27f4babff074f344aaca67db196a7bd96d4c0cf2536136f405ae02606bbec521e6fd691d4f884602abc7e6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
8abb2478920032acfd231a6cdcc3bd05

SHA1
98bd59f8137d46035c77d9ad6a9bc6692b2fca02

SHA256
3ef066b3f204828b912222a7f6737f21de6b3f8d9ce45c1b66c977c0f7e1d1a4

SHA512
bc050b22ba5faa448ff8c7bf319a43acbdc7fa06719390f7e94549e52e877e89d9f114eb930aa0915dd61075cfc3ed7b15a1669ffaddd2abd58cd483a68cd565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
22410fcb6aad635ac7708e315fecca06

SHA1
2d245efc465525cf29886d03222b0a99b15b0ab7

SHA256
90b419abc5dacdf2eb7ec04a876a4e142fb5f1b7f83bb93dbb267492eb5b7ee3

SHA512
a77b9b5de23f3b2739459143bbb266eb2ae7820ea67180104cb099ea868edde56525fea162038ab978cad82c868837f1396e352680df465d3ca82699ab094e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
8abb2478920032acfd231a6cdcc3bd05

SHA1
98bd59f8137d46035c77d9ad6a9bc6692b2fca02

SHA256
3ef066b3f204828b912222a7f6737f21de6b3f8d9ce45c1b66c977c0f7e1d1a4

SHA512
bc050b22ba5faa448ff8c7bf319a43acbdc7fa06719390f7e94549e52e877e89d9f114eb930aa0915dd61075cfc3ed7b15a1669ffaddd2abd58cd483a68cd565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
1b0e1cc98d26eb88851c393eaf983f82

SHA1
0bafcd284332573e9b477c627e419f98cdd790e8

SHA256
ef0cfd9db9c7c29677d841394ecd70ab7fbc922c30cd18d4764c4ada037271db

SHA512
f4f0b37f14cbbc3ab8aa76a23a5b17bb40120478ba12249fc07c95abbe4ade3cae29477b12f662643cd4e3bb7fc46af285de40d74ac7088a9732b314a3866f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
15KB

MD5
1b0e1cc98d26eb88851c393eaf983f82

SHA1
0bafcd284332573e9b477c627e419f98cdd790e8

SHA256
ef0cfd9db9c7c29677d841394ecd70ab7fbc922c30cd18d4764c4ada037271db

SHA512
f4f0b37f14cbbc3ab8aa76a23a5b17bb40120478ba12249fc07c95abbe4ade3cae29477b12f662643cd4e3bb7fc46af285de40d74ac7088a9732b314a3866f71

Download Submit
memory/60-134-0x0000000000000000-mapping.dmp

Download
memory/428-156-0x0000000005370000-0x00000000053D6000-memory.dmp

Filesize
408KB

Download
memory/428-144-0x0000000000000000-mapping.dmp

Download
memory/428-176-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/428-187-0x00000000075D0000-0x0000000007666000-memory.dmp

Filesize
600KB

Download
memory/616-132-0x0000000000000000-mapping.dmp

Download
memory/808-133-0x0000000000000000-mapping.dmp

Download
memory/1028-140-0x0000000000000000-mapping.dmp

Download
memory/1052-137-0x0000000000000000-mapping.dmp

Download
memory/1092-153-0x0000000005A70000-0x0000000006098000-memory.dmp

Filesize
6.2MB

Download
memory/1092-175-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/1092-142-0x0000000000000000-mapping.dmp

Download
memory/1212-252-0x0000000000000000-mapping.dmp

Download
memory/1352-214-0x0000000000000000-mapping.dmp

Download
memory/1644-174-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/1644-143-0x0000000000000000-mapping.dmp

Download
memory/1644-182-0x0000000007AE0000-0x0000000007AEA000-memory.dmp

Filesize
40KB

Download
memory/1812-159-0x0000000000000000-mapping.dmp

Download
memory/1816-209-0x0000000000000000-mapping.dmp

Download
memory/2076-162-0x0000000000000000-mapping.dmp

Download
memory/2832-169-0x0000000000000000-mapping.dmp

Download
memory/3100-164-0x0000000000000000-mapping.dmp

Download
memory/3244-163-0x0000000000000000-mapping.dmp

Download
memory/3432-167-0x0000000000000000-mapping.dmp

Download
memory/3500-136-0x0000000000000000-mapping.dmp

Download
memory/3540-161-0x0000000000000000-mapping.dmp

Download
memory/3576-154-0x0000000005260000-0x0000000005282000-memory.dmp

Filesize
136KB

Download
memory/3576-145-0x0000000000000000-mapping.dmp

Download
memory/3576-172-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/3648-178-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/3648-150-0x0000000000000000-mapping.dmp

Download
memory/3652-177-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/3652-196-0x0000000007E60000-0x0000000007E6E000-memory.dmp

Filesize
56KB

Download
memory/3652-149-0x0000000000000000-mapping.dmp

Download
memory/3708-151-0x0000000000000000-mapping.dmp

Download
memory/3956-135-0x0000000000000000-mapping.dmp

Download
memory/4076-181-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/4076-147-0x0000000000000000-mapping.dmp

Download
memory/4284-158-0x0000000000000000-mapping.dmp

Download
memory/4472-155-0x0000000005E90000-0x0000000005EF6000-memory.dmp

Filesize
408KB

Download
memory/4472-148-0x0000000000000000-mapping.dmp

Download
memory/4472-157-0x0000000006660000-0x000000000667E000-memory.dmp

Filesize
120KB

Download
memory/4472-171-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/4472-168-0x0000000007600000-0x0000000007632000-memory.dmp

Filesize
200KB

Download
memory/4556-166-0x0000000000000000-mapping.dmp

Download
memory/4588-141-0x0000000000000000-mapping.dmp

Download
memory/4724-213-0x0000000000000000-mapping.dmp

Download
memory/4744-160-0x0000000000000000-mapping.dmp

Download
memory/4820-139-0x0000000000000000-mapping.dmp

Download
memory/4824-165-0x0000000000000000-mapping.dmp

Download
memory/4928-138-0x0000000000000000-mapping.dmp

Download
memory/4976-197-0x0000000007E20000-0x0000000007E3A000-memory.dmp

Filesize
104KB

Download
memory/4976-152-0x00000000031F0000-0x0000000003226000-memory.dmp

Filesize
216KB

Download
memory/4976-180-0x0000000006DC0000-0x0000000006DDA000-memory.dmp

Filesize
104KB

Download
memory/4976-179-0x00000000081A0000-0x000000000881A000-memory.dmp

Filesize
6.5MB

Download
memory/4976-170-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/4976-173-0x0000000006D60000-0x0000000006D7E000-memory.dmp

Filesize
120KB

Download
memory/4976-146-0x0000000000000000-mapping.dmp

Download
memory/4976-198-0x0000000007E00000-0x0000000007E08000-memory.dmp

Filesize
32KB

Download
memory/5196-211-0x0000000000000000-mapping.dmp

Download
memory/5320-183-0x0000000000000000-mapping.dmp

Download
memory/5320-205-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5332-206-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5332-184-0x0000000000000000-mapping.dmp

Download
memory/5344-208-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5344-185-0x0000000000000000-mapping.dmp

Download
memory/5352-200-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5352-188-0x0000000000000000-mapping.dmp

Download
memory/5364-186-0x0000000000000000-mapping.dmp

Download
memory/5364-203-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5372-189-0x0000000000000000-mapping.dmp

Download
memory/5372-204-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5380-202-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5380-190-0x0000000000000000-mapping.dmp

Download
memory/5388-191-0x0000000000000000-mapping.dmp

Download
memory/5388-210-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5396-192-0x0000000000000000-mapping.dmp

Download
memory/5396-201-0x0000000070AC0000-0x0000000070B0C000-memory.dmp

Filesize
304KB

Download
memory/5612-194-0x0000000000000000-mapping.dmp

Download
memory/5616-218-0x0000000000000000-mapping.dmp

Download
memory/5684-251-0x0000000000000000-mapping.dmp

Download
memory/5820-217-0x0000000000000000-mapping.dmp

Download
memory/5832-199-0x0000000000000000-mapping.dmp

Download
memory/5980-215-0x0000000000000000-mapping.dmp

Download
memory/5984-216-0x0000000000000000-mapping.dmp

Download
memory/6012-207-0x0000000000000000-mapping.dmp

Download
memory/6116-212-0x0000000000000000-mapping.dmp

Download
memory/6380-221-0x0000000000000000-mapping.dmp

Download
memory/6468-225-0x0000000000000000-mapping.dmp

Download
memory/6480-226-0x0000000000000000-mapping.dmp

Download
memory/6504-227-0x0000000000000000-mapping.dmp

Download
memory/6552-228-0x0000000000000000-mapping.dmp

Download
memory/6572-229-0x0000000000000000-mapping.dmp

Download
memory/6616-230-0x0000000000000000-mapping.dmp

Download
memory/6640-231-0x0000000000000000-mapping.dmp

Download
memory/6712-233-0x0000000000000000-mapping.dmp

Download
memory/6724-234-0x0000000000000000-mapping.dmp

Download