Analysis Overview
SHA256
b7a4fcc7f474c091edc09349af5e53915d23f14071d78a3026c92c49d2467989
Threat Level: Likely benign
The file [email protected] was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Runs net.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 11:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 11:25
Reported
2024-06-19 11:27
Platform
win11-20240508-en
Max time kernel
81s
Max time network
121s
Command Line
Signatures
Enumerates physical storage devices
Runs net.exe
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user1 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user2 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user3 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user4 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user5 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user1 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user6 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user7 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user2 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user8 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user4 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user3 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user9 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user10 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user5 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user11 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user6 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user7 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user12 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user8 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user13 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user9 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user14 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user15 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user11 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user10 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user16 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user12 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user13 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user17 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user18 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user15 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user14 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user19 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user20 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user16 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user21 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user22 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user17 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user18 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user23 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user20 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user24 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user19 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user25 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user22 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user26 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user23 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user21 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user27 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user28 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user24 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user29 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user30 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user26 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user25 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user31 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user32 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user27 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user28 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user33 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user30 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user34 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user29 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user35 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user36 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user32 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user31 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user37 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user33 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user34 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user38 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user35 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user39 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user40 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user36 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user37 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user41 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user42 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user38 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user43 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user39 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user44 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user41 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user45 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user46 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user42 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user40 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user47 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user43 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user48 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user45 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user49 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user50 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user46 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user44 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user51 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user52 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user47 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user53 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user48 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user49 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user54 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user50 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user55 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user51 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user56 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user52 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user57 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user58 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user53 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user54 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user59 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user56 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user60 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user55 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user61 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user57 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user58 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user62 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user63 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user64 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user60 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user65 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user59 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user61 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user62 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user66 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user67 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user63 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user68 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user64 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user69 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user65 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user70 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user67 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user66 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user71 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user72 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user73 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user69 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user68 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user74 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user70 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user75 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user76 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user71 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user77 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user72 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user78 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user73 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user74 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user79 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user80 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user75 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user76 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user81 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user78 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user77 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user82 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user79 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user83 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user80 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user84 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user85 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user81 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user86 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user83 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user87 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user82 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user88 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user89 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user84 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user90 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user85 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user86 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user91 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user87 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user92 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user88 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user93 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user94 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user95 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user89 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user96 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user90 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user97 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user92 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user98 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user91 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user99 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user100 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user101 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user93 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user102 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user103 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user104 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user96 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user105 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user94 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user95 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user97 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user106 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user107 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user98 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user108 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user99 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user100 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user109 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user110 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user111 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user112 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user113 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user103 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user114 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user102 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user104 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user101 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user115 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user106 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user105 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user116 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user107 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user108 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user117 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user118 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user119 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user110 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user120 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user111 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user112 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user121 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user122 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user109 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user114 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user123 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user113 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user115 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user124 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user125 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user116 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user117 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user126 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user118 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user127 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user122 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user120 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user128 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user119 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user129 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user130 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user131 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user132 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user133 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user134 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user123 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user121 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user135 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user125 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user136 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user124 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user137 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user126 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user138 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user139 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user128 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user127 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user140 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user141 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user133 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user142 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user143 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user129 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user131 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user130 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user132 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user135 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user134 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user144 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user145 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user146 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user147 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user136 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user148 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user149 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user138 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user150 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user137 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user139 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user151 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user152 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user140 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user144 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user153 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user141 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user142 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user154 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user143 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user155 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user145 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user146 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user156 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user157 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user147 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user158 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user148 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user149 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user159 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user160 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user150 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user151 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user161 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user154 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user156 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user162 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user153 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user155 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user163 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user164 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user152 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user165 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user166 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user167 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user168 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user159 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user169 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user157 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user158 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user160 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user161 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user170 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user162 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user163 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user171 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user172 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user173 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user166 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user174 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user164 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user175 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user176 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user177 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user169 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user165 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user168 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user178 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user179 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user170 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user167 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user171 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user180 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user172 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user181 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user173 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user182 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user177 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user174 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user175 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user176 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user183 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user184 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user178 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user179 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user185 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user186 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user180 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user187 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user188 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user189 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user190 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user181 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user182 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user191 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user183 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user192 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user193 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user194 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user186 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user184 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user185 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user187 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user188 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user189 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user190 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user192 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user193 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user191 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user194 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user195 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user196 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user197 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user198 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user195 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user196 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user199 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user200 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user201 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user202 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user198 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user197 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user203 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user199 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user204 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user200 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user205 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user206 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user207 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user201 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user202 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user208 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user203 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user204 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user209 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user210 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user205 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user207 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user206 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user211 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user212 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user208 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user213 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user209 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user214 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user210 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user215 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user211 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user216 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user217 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user212 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user213 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user214 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user218 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user219 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user215 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user220 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user221 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user216 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user222 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user217 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user218 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user223 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user219 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user220 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user224 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user221 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user225 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user226 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user223 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user222 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user227 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user224 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user228 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user225 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user229 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user226 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user230 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user227 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user231 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user232 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user233 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user234 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user235 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user236 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user237 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user228 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user238 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user229 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user239 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user240 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user233 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user230 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user241 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user242 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user238 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user236 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user237 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user234 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user235 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user243 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user244 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user231 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user232 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user241 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user245 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user239 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user246 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user240 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user242 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user247 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user243 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user248 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user249 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user250 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user251 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user252 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user244 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user253 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user254 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user255 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user256 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user245 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user257 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user258 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user246 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user259 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user260 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user261 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user262 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user263 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user264 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user265 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user266 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user267 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user268 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user269 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user247 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user270 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user271 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user272 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user273 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user274 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user275 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user276 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user277 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user278 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user279 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user280 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user281 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user282 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user250 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user252 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user283 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user284 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user285 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user286 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user287 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user288 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user289 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user290 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user253 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user269 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user268 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user264 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user262 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user291 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user256 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user255 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user248 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user258 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user267 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user249 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user270 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user292 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user266 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user261 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user260 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user257 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user251 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user263 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user254 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user265 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user259 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user275 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user293 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user271 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user281 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user274 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user273 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user290 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user282 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user272 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user276 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user283 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user294 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user280 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user277 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user279 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user284 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user295 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user278 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user289 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user285 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user287 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user292 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user286 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user288 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user291 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user296 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user293 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user297 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user298 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user299 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user294 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user296 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user300 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user295 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user301 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user302 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user303 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user297 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user304 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user305 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user306 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user307 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user308 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user309 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user310 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user311 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user312 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user313 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user314 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user315 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user316 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user298 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user299 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user317 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user318 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user319 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user320 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user321 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user322 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user323 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user324 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user300 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user325 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user326 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user327 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user328 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user329 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user330 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user331 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user301 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user302 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user332 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user333 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user334 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user335 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user336 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user337 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user338 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user305 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user339 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user308 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user316 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user340 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user310 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user303 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user341 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user342 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user307 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user343 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user344 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user345 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user309 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user312 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user306 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user346 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user313 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user315 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user304 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user311 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user347 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user348 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user314 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user349 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user350 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user351 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user352 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user318 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user353 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user354 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user355 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user356 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user322 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user357 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user358 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user359 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user331 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user360 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user361 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user362 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user363 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user364 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user323 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user317 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user333 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user328 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user319 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user339 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user365 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user337 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user334 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user366 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user329 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user324 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user332 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user336 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user367 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user320 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user330 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user327 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user368 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user369 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user370 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user321 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user371 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user372 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user326 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user325 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user340 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user373 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user335 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user338 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user374 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user342 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user341 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user344 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user375 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user343 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user345 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user348 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user347 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user354 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user346 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user355 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user350 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user349 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user353 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user364 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user357 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user352 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user359 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user369 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user368 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user363 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user356 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user370 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user351 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user361 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user367 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user365 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user362 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user358 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user360 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user366 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user373 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user372 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user371 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user374 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user375 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user376 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user377 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user378 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user379 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user380 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user381 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user376 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user377 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user382 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user378 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user379 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user383 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user384 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user380 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user385 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user386 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user382 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user381 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user383 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user387 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user388 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user389 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user384 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user390 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user391 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user392 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user385 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user393 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user394 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user395 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user396 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user397 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user398 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user399 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user386 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user400 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user388 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user401 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user387 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user402 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user403 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user390 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user404 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user405 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user406 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user407 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user408 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user391 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user409 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user410 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user411 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user412 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user413 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user414 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user415 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user416 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user417 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user418 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user392 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user389 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user419 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user420 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user421 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user422 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user396 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user397 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user423 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user424 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user393 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user425 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user426 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user427 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user394 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user398 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user428 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user406 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user395 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user402 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user399 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user429 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user404 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user430 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user420 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user400 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user431 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user425 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user423 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user418 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user424 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user413 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user408 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user432 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user427 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user410 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user407 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user409 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user411 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user401 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user422 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user414 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user412 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user433 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user417 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user403 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user419 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user405 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user421 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user416 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user426 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user415 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user428 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user434 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user429 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user435 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user430 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user436 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user431 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user432 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user437 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user433 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user438 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user435 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user439 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user434 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user440 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user436 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user441 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user437 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user442 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user438 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user439 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user440 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user442 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user441 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user443 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user444 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user445 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user446 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user447 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user443 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user444 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user448 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user449 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user445 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user450 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user446 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user451 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user447 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user452 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user448 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user453 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user449 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user454 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user450 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user455 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user452 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user456 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user451 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user457 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user458 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user454 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user459 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user455 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user453 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user460 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user461 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user456 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user462 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user457 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user463 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user460 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user464 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user459 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user458 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user465 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user461 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user466 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user462 deatch /add
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user463 deatch /add
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user467 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" user user468 deatch /add
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user user464 deatch /add
Network
| Country | Destination | Domain | Proto |
| GB | 184.28.176.26:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 13.89.179.10:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs-nocache.azureedge.net | tcp |
| JP | 104.215.5.225:443 | 7c890747c523e43cead5feb4f707f953.azr.footprintdns.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
Files
memory/5060-1-0x000000000064B000-0x000000000064C000-memory.dmp
memory/5060-0-0x0000000000400000-0x0000000000650000-memory.dmp
memory/5060-2-0x0000000000400000-0x0000000000650000-memory.dmp
memory/5060-3-0x0000000000400000-0x0000000000650000-memory.dmp
memory/5060-8-0x0000000000400000-0x0000000000650000-memory.dmp
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5060-25-0x0000000000400000-0x0000000000650000-memory.dmp
memory/5060-30-0x0000000000400000-0x0000000000650000-memory.dmp
memory/5060-31-0x0000000000400000-0x0000000000650000-memory.dmp
memory/5060-33-0x0000000000400000-0x0000000000650000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 11:25
Reported
2024-06-19 11:28
Platform
macos-20240611-en
Max time kernel
141s
Max time network
147s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A |
| N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/[email protected]"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/[email protected]"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/[email protected]]
/bin/zsh
[/bin/zsh -c /Users/run/[email protected]]
/Users/run/[email protected]
[/Users/run/[email protected]]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pluginkit.pkd]
/usr/libexec/pkd
[/usr/libexec/pkd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextInputMenuAgent]
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextInputSwitcher]
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 584]
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]
/usr/libexec/nfcd
[/usr/libexec/nfcd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]
/usr/libexec/studentd
[/usr/libexec/studentd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.preference.notifications.remoteservice 584]
/System/Library/PreferencePanes/Notifications.prefPane/Contents/XPCServices/com.apple.preference.notifications.remoteservice.xpc/Contents/MacOS/com.apple.preference.notifications.remoteservice
[/System/Library/PreferencePanes/Notifications.prefPane/Contents/XPCServices/com.apple.preference.notifications.remoteservice.xpc/Contents/MacOS/com.apple.preference.notifications.remoteservice]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.4AC59705-C5F6-4C4A-957C-638CB3BE17E9 602]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2E18A62F/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.E3FE4471-B760-400A-8E16-6E4DD8B5C0D0 602]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SearchHelper 602]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SafeBrowsing.Service]
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bird]
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.1954643C-C568-4402-A6A2-B8EA075A3685 602]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bag-cdn.itunes-apple.com.akadns.net | udp |
| BE | 23.55.96.225:443 | www.apple.com | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.6:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| GB | 104.77.118.129:443 | tcp | |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | api-glb-aeuw3b.smoot.apple.com | udp |
| FR | 15.237.18.235:443 | api-glb-aeuw3b.smoot.apple.com | tcp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | gateway.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | cdn2.smoot.apple.com | udp |
| US | 8.8.8.8:53 | cdn.smoot.apple.com | udp |
| GB | 17.253.77.201:443 | cdn.smoot.apple.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | gsp-ssl.ls.apple.com | udp |
| GB | 17.253.29.213:443 | gsp-ssl.ls.apple.com | tcp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | e528863522ec78e22d41392c18c81054 |
| SHA1 | 09689eb0fc8e0e2f2f6c1bae2c0fac7d24983f62 |
| SHA256 | d5beb39e6137d1fbe62dcfaa559174116c5400e3b2786f174ce21b33bcd2322c |
| SHA512 | 20a3298fe4b09e1c606c24807e40f15a4d8694b31796a0dd276b63586c4f56563e95fec1e121b85a288a2d8c270e8fafad4f2d66908af25202f05bf051b7ac26 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
| MD5 | dec2646aaab452a09beeb50e96041a0c |
| SHA1 | c4c9feee39b406affe0cc40bb3b6a57e7901bfe4 |
| SHA256 | 63a9c72dc0d8b61009917e37928e15268e4dcaaf7ee311f808cd2fb696ba0a1d |
| SHA512 | 66f57e8a9f321c7f0b1a6cdb967ece18bd0197558703c7b309418432a63f97cb45d0954ccc6347be51515edbfac61335285e72ee85a332f1b8e55d422ea45892 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
| MD5 | cb876e758d093eddb6e936804fd0e1b6 |
| SHA1 | a1dca144abc68c4778934d6bcd93aa742fa691c2 |
| SHA256 | b2c133ac9a9d0ad99cee3e28f1c4a6e4d07581b08ee45eca3332276e69c153f0 |
| SHA512 | 4498a19849f50928463ef14f6f438265340948fb921247bdd9003876340cb03dd38e2bc18cfb5b09d4bbf46c4fbdfca655b09b2c6637e026848fea015e6740b3 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
| MD5 | 129ed8c78aa8bd7155ad1cc611e4bfbf |
| SHA1 | a737130d37dcdbaa725d4423b3b38af3a260b22e |
| SHA256 | 8e7df638fa57b55f5bc8cf3b74d4ef72db4fbe3d82a1aae93c1abca5dde29be6 |
| SHA512 | ea441fbab61b2df8f6977894cb228087e8680593872cbfa043db092d3067461f1d882008ac0041da9d7949bfb6243095863b5bad0a76e8b7d20b31858878d2bc |
/Users/run/Library/Caches/GeoServices/Experiments.pbd
| MD5 | 238cdc1eff71b3ffe981fb800693d92a |
| SHA1 | b32975a0b39e5cf278bf63eecd470fe29a382f88 |
| SHA256 | e180ec518e18fbaeeeb95f52f811bc195ccf01f1cc33bcf4defca5b180f93733 |
| SHA512 | 5fef385d53a6e88051d05d4ff32f12282e5fdcb267a26f0b3da08324e4230d4cce89517a77ee1650115b23d226f41541e586cd6ea6c68fa0c5b42c11bb127d7a |