Malware Analysis Report

2024-11-16 12:47

Sample ID 240806-kcm92avarn
Target Melted.exe
SHA256 cb7bc92eeb0b7161c624d8a48949621234e09bb9ed315d1397ce01b72d60e986
Tags
aspackv2 discovery exploit persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cb7bc92eeb0b7161c624d8a48949621234e09bb9ed315d1397ce01b72d60e986

Threat Level: Known bad

The file Melted.exe was found to be: Known bad.

Malicious Activity Summary

aspackv2 discovery exploit persistence

Modifies WinLogon for persistence

Boot or Logon Autostart Execution: Active Setup

Possible privilege escalation attempt

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Modifies file permissions

ASPack v2.12-2.42

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in System32 directory

Enumerates physical storage devices

Unsigned PE

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Kills process with taskkill

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-06 08:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-06 08:27

Reported

2024-08-06 08:31

Platform

win7-20240708-en

Max time kernel

51s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Melted.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," C:\Windows\SysWOW64\reg.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\t.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Users\Admin\Desktop\9934\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\4352\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\21740\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\9934\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\25611\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\17396\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\4352\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\23601\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\7383\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\21740\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\RecycleBin\Recycle Bin\desktop.ini C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A
File created C:\Users\Admin\Desktop\29874\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\22248\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\32401\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\22248\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\2199\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\7383\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\29874\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\2199\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\17396\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\15515\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\16552\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\23601\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\32401\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\15515\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\RecycleBin\desktop.ini C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A
File created C:\Users\Admin\Desktop\25611\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\16552\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\SysWOW64\mountvol.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mountvol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mountvol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mountvol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\flash.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\xcopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier C:\Windows\SysWOW64\xcopy.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 824 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 824 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 824 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 824 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 2908 wrote to memory of 2612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2908 wrote to memory of 2612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2908 wrote to memory of 2612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2908 wrote to memory of 2612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2908 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 1196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2120 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 2104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2908 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 764 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2952 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2952 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2952 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2952 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 2148 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2908 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe
PID 2908 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe
PID 2908 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe
PID 2908 wrote to memory of 1992 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe
PID 2908 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2908 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2908 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2908 wrote to memory of 2312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2908 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2908 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2908 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2908 wrote to memory of 2000 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2908 wrote to memory of 2972 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe
PID 2908 wrote to memory of 2972 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe
PID 2908 wrote to memory of 2972 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe
PID 2908 wrote to memory of 2972 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe
PID 2908 wrote to memory of 1920 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1920 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1920 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1920 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
PID 2908 wrote to memory of 1936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
PID 2908 wrote to memory of 1936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
PID 2908 wrote to memory of 1936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
PID 2908 wrote to memory of 1584 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1584 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1584 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2908 wrote to memory of 1584 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Melted.exe

"C:\Users\Admin\AppData\Local\Temp\Melted.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\main.bat" "

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im smartscreen.exe

C:\Windows\SysWOW64\mountvol.exe

mountvol D:\ /d

C:\Windows\SysWOW64\mountvol.exe

mountvol E:\ /d

C:\Windows\SysWOW64\mountvol.exe

mountvol F:\ /d

C:\Windows\SysWOW64\reg.exe

reg import desktop.reg

C:\Windows\SysWOW64\reg.exe

reg import fonts.reg

C:\Windows\SysWOW64\reg.exe

reg import logonui.reg

C:\Windows\SysWOW64\reg.exe

reg import winupdate.reg

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe

b.exe

C:\Windows\SysWOW64\xcopy.exe

xcopy C:\Windows\* C:\Users\Admin\Desktop\* /J /V /C /I /EXCLUDE:explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K ping.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe

fb.exe

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe

e.exe

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\flash.exe

flash.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K copypastel.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\i.exe

i.exe

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk.exe

sk.exe

C:\Windows\SysWOW64\takeown.exe

takeown C:\Windows\SystemResources\* Admin

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9934" /is

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25611" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2199" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16552" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23601" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\7383" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29874" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe

e.exe /min

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\SystemResources\* /Grant:Admin

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g.exe

g.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17396" /is

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21740" /is

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K boohoo.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\t.exe

t.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\timeout.exe

timeout 10

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4352" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\32401" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22248" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk2.exe

sk2.exe

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe

e.exe

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk3.exe

sk3.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15515" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\7690" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g_.exe

g_.exe /min

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"

Network

N/A

Files

memory/824-0-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

memory/824-1-0x0000000000090000-0x000000000011C000-memory.dmp

memory/824-2-0x0000000000500000-0x0000000000524000-memory.dmp

memory/824-3-0x0000000074CB0000-0x000000007539E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\main.bat

MD5 825eb7b95953eb1c3a2e967453c082b8
SHA1 96813f5583e8bb6b0926fd2ccf50d351472f09d5
SHA256 74e942b534f60a3d3673de6030fa46002bf0ec142b9575cafd8cc771f3e1a28c
SHA512 1d50d1c3cc293715649d7d6a2ea5e7028f07b9e0c3e7523186cf3194a7fa68ce7b08046c2bb79468b039f24b813166cbc3d9b64a759ca08f18f06c95de7d657e

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\desktop.reg

MD5 6bc57fa8fb4a2814c99ea72bc6c4c2b1
SHA1 c881f1a7965846d3e554ff1709553d2c8ed14043
SHA256 d0f2a2e83bdd0df4820733f8a0708ad647fc1febd3c4eb6936f6e0290fe0be0a
SHA512 dd12e946a0a6f84c49306647453898500017c730af4bb47d51ab39343a275f7d5f117326adc2bd25c98231cbdf3097109fd286da756201e60206fffac6331a70

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fonts.reg

MD5 37c8a133cc59f9cf21424fa3be153ee4
SHA1 1c7bab80249f7c9b3cc2932fe27f0c1cd32f29d2
SHA256 0455aaa368bd1fcf95c519425f876706144d2822b91730c9255989c80ef34b5a
SHA512 ceffa6c04357a3175dca6f08e69d7ccd2fa4da48a8e9a01907df2a0a0bc5d8caba0042fb1f55436ecf41839601c8a44b1ec6037575e707d8ea2d6356fc6d6d4f

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\logonui.reg

MD5 b231e874f320daa87923d4aa38040d06
SHA1 498817057bc92251d721d4b44afca99fbe103696
SHA256 b7ade17dd54a4491fe8df34152323245b81288709c42519ce91a2d2c7a761bb8
SHA512 08e0fc3a35b6bbaab079ad7170b5f5d64ef88d5b4af681747d99547bc884fafdfbb54c238e0a6d9c89c1403f9f75d2f66b36acc6a9ab8742ec7b7b2d2060b4f8

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\winupdate.reg

MD5 9bad97ae7f640e56717304a068504ef6
SHA1 2fd3fffeee98b90597cb650298732391739ed374
SHA256 6ac6ec6b68cdb64086e404df7c109d2dceb8af21965141fb45f428e83ff192f1
SHA512 4ba567e480dc2bca1cf682f212e6ff1fe75a1f108ce72d70aca6f25ed4d5b4a76c928920862d2c4572b11916abaa83886c18e4f1df1e6556890cdaa84c11a478

\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe

MD5 404f9af788af52e74bf0f55edcd92b87
SHA1 17f4becaccaf6868bf5783caf7f88b1b6dc13a32
SHA256 db842ba93967f1637597713b9a0a20c4c98d12bf0556413cba26a3f7379b03e0
SHA512 e108ccbe0bf99478e1b6bd22bd208af8f90378e0e4db2aebe7d5b03dd5e8f679d2eb7e1649779753390a44a204f74a3a1a1f5572f3a77760f5bf62052b2da1ae

\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe

MD5 fa7cd30068f56e079841e36d16bce5c4
SHA1 49237ab087b28847eb1a01eb699ee99093df6afa
SHA256 c62d2a4ac688ed3972dbb663d2d54c996895d9a3efc4eacc21eb9e2cf02e7cb9
SHA512 a10534f16a2f0b6d0ace630d7b391a37c7fd7d6dd9e98245d5ec6aaf83935046732cadfc21133e0f2b484c1ca0959e16ce8e6f70e15278fd4d39a4950f03611f

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\ping.cmd

MD5 6af387fe39e874c82157ca8aba697458
SHA1 ea9487f8f1c3d19be955a78a909911aac566ef2b
SHA256 fe38147b0ea25ace8e7397075fb827ba0f9e7d17e207800ea3e5f875913aaa9d
SHA512 7b03f3cf898b359c9c4ac5ad86949732627257ce39326332d8702fa99072d2c620d6d82f5d9f81e29adb9cb252d24904839dc470c5c764cfacfdf963e7121799

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe

MD5 c085484b593c7089907af551de309a05
SHA1 f503ae9f559fd76073578686d2193a6956747fea
SHA256 b78b116d79d8f9613510dbde5aa4a8ca59913ee32df540d06defa214489972d2
SHA512 72b458179362a1bb2888213736e5731d0bafe094feaac11a44e78f7a5ed60a4d6f275aa32bbce41950852a31bc55ce19266f26cd3e66bec9f35dc5aafe97fba1

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\VCRUNTIME140D.dll

MD5 ee7fbf8768a87ea64ad4890540ce48f9
SHA1 bcbc1ebd5a592c2df216d3211f309a79f9cd8a9b
SHA256 03eafdf65d672994e592b8acc8a1276ccae1218a5cb9685b9aa6a5ffe1a855fe
SHA512 0cbf346d46b5c0b09c1f3fb4837c8df662bf0c69de8c4ae292b994ec156c91b78dbaad733226d765b1ca3ee1695566dc90bf85086e438fa15b9eb32058abce80

memory/1936-61-0x000000013FD90000-0x000000013FDB6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\ucrtbased.dll

MD5 c3130cfb00549a5a92da60e7f79f5fc9
SHA1 56c2e8fb1af609525b0f732bb67b806bddab3752
SHA256 eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
SHA512 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748

memory/2908-60-0x0000000000170000-0x0000000000196000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\flash.exe

MD5 9254ca1da9ff8ad492ca5fa06ca181c6
SHA1 70fa62e6232eae52467d29cf1c1dacb8a7aeab90
SHA256 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
SHA512 a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\i.exe

MD5 cea5426da515d43c88132a133f83ce68
SHA1 0c224d0bb777f1e3b186fdf58cc82860d96805cc
SHA256 2be7a0865ded1c0bd1f92d5e09bb7b37a9e36a40487a687e0359c93878611a78
SHA512 4c1f25147222c84dff513bebf00e828719454ad634ef9380cfc7835f0457a718b4b437ecb60c1fa72a7f83fbb67e1ddfcd225194eedda77034c72f8c752c642c

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk.exe

MD5 cea26a633f1f3fd621382dad166466d8
SHA1 82d4d90bb6782b0c72deec431a3377e30d34c3e8
SHA256 00e030cb6b6f2fb7b3636f500f60492765363a661e4d7317278c0bbed5689441
SHA512 5244a41121002f8e6c7082d0e4114d74a4fe527b9585adc751bf8d590860057eaf9129bd1dfc070c630f19ef4eac1fb4bcfc25675608fb007b3699c963b0176a

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\copypastel.cmd

MD5 22276a82790d962885ed81f4afaa12e3
SHA1 fbd254c68e04eae009e4bdf718332d01c18087c7
SHA256 8e0bcb5e46f121e9389c5312b4028b7a951e3d695365dc45884a5b756405b61f
SHA512 c089f5388b18753200c7c83a63b7507a5ed608e6e3a8334fe4b92c7d86c20c14adfef950c43c52c1b570a3fe5a8b0583856511543ef1a863bdf0fcafa02222b0

memory/1936-76-0x000000013FD90000-0x000000013FDB6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\RecycleBin\desktop.ini

MD5 0b95bbe6e14257a6af62cf912ac723dc
SHA1 7995e2b5fb5c2c758161e04000bc8af4e1294374
SHA256 3ecbc30bfba5ba7ad0d335aefa251e4efcdc3c7d7919ac55600fd40147b91062
SHA512 1c5ef8250d01d1b9ef41529071610a671f228996e0dec1efd6b1eeb1e5ca02fe684ed9857a9958e32b40470561f042709c7f43b8bae36379131737f39cfb7bd1

memory/884-112-0x000000013F0B0000-0x000000013F0D6000-memory.dmp

memory/2908-111-0x0000000000170000-0x0000000000196000-memory.dmp

\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g.exe

MD5 ea64d01d756080b86e8e5af63ed6eb50
SHA1 008634fbd4cd348165dbe540ea529f27bd39e5c0
SHA256 35fc36cdd77b1eae66fd02fec2f47cf06841365f6ab66160ed8cf522d71355f7
SHA512 7e7046017eb32e804fb213070997ef228a12426e0f157e959a97a4e27f816eb66b365850cc18ae8573519623db354740d7c008c09734f404d31775e79ead2bb0

memory/2784-131-0x000000013F170000-0x000000013F196000-memory.dmp

memory/2908-130-0x0000000000170000-0x0000000000196000-memory.dmp

memory/2908-174-0x0000000000550000-0x0000000000552000-memory.dmp

memory/2984-175-0x0000000000220000-0x0000000000222000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\t.exe

MD5 9e0c60453cdea093fa4c6762f9b1fda9
SHA1 02dfa74e42739c4e8a9a0534273f6a89b51f1dd3
SHA256 269c6da90935306778f4f76005d1f00b49703f8819b60e2764cc14a5abc9a781
SHA512 fc499cb6b98529c7a856c9ec7198f2a6d00d0c0d6b16e826913ab8dca2602f6700e3956749d3316484b94e6867f54cf99aa77f23375ea6c5ea75daa88c91aa96

memory/1652-184-0x000000013FBF0000-0x000000013FC17000-memory.dmp

memory/2908-183-0x0000000000560000-0x0000000000587000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\boohoo.cmd

MD5 d53097e0265a7589f56bfd43c2ab92d6
SHA1 c5cefc1eed9bd1eff1c32aca735af24135a1bd99
SHA256 28ef22b5677f5523a8852966999f2e1decd7ccf21d14e65dea0d168d460b450c
SHA512 9222dab4590a7d954b8852b3ac22d7bb30c6d4b563ba02003e95d30c16811048961ef757e5ad5ffe5a1c401509c16e99737215a5620702fb47fe217ea0f69445

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs

MD5 781df8e151e1d1bb97b691bc81a2619a
SHA1 cdd28747902e08da1656bb764d4d06f773c0eb2b
SHA256 754bc078439d3b70d46b1a3482d1f359757dd5937d5f1874754f4c8128a6f0da
SHA512 b7368b8c44a826c769d8a79b4ed2c6eab82acbc965ea52c85f60bfdfe125a60285df5e35587700ba22829d26295d11a9b2d9f959ca974d3520274937a3383bd4

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs

MD5 d86806b3929e8deb8ab3af50ff31983a
SHA1 f038800743d28f70962acda6281bbdc5a5f0fca4
SHA256 18ff5d475bb345af4c5390ff5ab5cc0fae2dd1da9e00c7a2d169463c79d9a6ab
SHA512 642d2c2a7c506e4bb8f61d4235fa5b0f411bd43e4cc0c4ab758a292c1fd684533ad1bf89a18b0013383f311095057670fe8ea3b9d0eb5f5a115492041e6d98a5

memory/824-604-0x0000000074CBE000-0x0000000074CBF000-memory.dmp

memory/824-674-0x0000000074CB0000-0x000000007539E000-memory.dmp

memory/1268-725-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/2908-726-0x0000000000170000-0x0000000000196000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk2.exe

MD5 4fa84323d9988c8ce77d9f3eee327808
SHA1 5b475529847b707791b18e621337bee880ee9dc6
SHA256 e7dd38f8d0126e13b8d86659f62bda9aa9b50ac6451b1d5c4dab445385757b89
SHA512 4154063d92c06c7789359f416a6754c8edbbd08e58633c487a5826c614411a40038d01c65b94b49189d8a4689e25f0b0595a9be662e953bd8fec434a6f02d2f5

memory/2908-865-0x0000000000170000-0x0000000000196000-memory.dmp

memory/2908-872-0x0000000000560000-0x0000000000586000-memory.dmp

memory/1652-871-0x000000013FBF0000-0x000000013FC17000-memory.dmp

memory/2908-870-0x0000000000560000-0x0000000000587000-memory.dmp

memory/2896-879-0x000000013F0F0000-0x000000013F116000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk3.exe

MD5 4dd87b1eb9e6ab5cadafa876917f34aa
SHA1 e46c529797a14acd0dc135ccf0b0144acc53e53b
SHA256 57509b4f3ec7b6aa07c4a42ad140d6d1a754a267d53b6fc539fa73c24da792c3
SHA512 55cc6467b1786d08c12a41db5d205774a489b4522965932a126d1bf1a628f72129a843c380272f01bfe68e861ed829dffa537bd4527d0fdbe2ff8c9188ca9515

memory/2908-981-0x0000000000560000-0x0000000000586000-memory.dmp

memory/2896-1005-0x000000013F0F0000-0x000000013F116000-memory.dmp

memory/1268-1099-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1143-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1293-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1338-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1362-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1366-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1410-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1414-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1268-1438-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/2908-1467-0x0000000000560000-0x0000000000589000-memory.dmp

\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g_.exe

MD5 3cb72c753dd5e198792d1e0be81f7e2b
SHA1 8a55b72a998bf8362a12f68ee8c4801a5a24754c
SHA256 be9d8772b360ca8054929e5f057413b69932ca8e521e6c696e0fb6b371e8cb97
SHA512 008ed2e26fb4f41e9bb245130cc8f285744ccf737adeffc4c78cb11c03261f906cfd50b5b9e78f2c17dc2b8a01d83554e93f4960370064af87e84322cc78ee70

memory/4036-1472-0x000000013FBD0000-0x000000013FBF9000-memory.dmp

memory/2908-1498-0x0000000000560000-0x0000000000589000-memory.dmp

memory/1268-1523-0x0000000000400000-0x00000000004A4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-06 08:27

Reported

2024-08-06 08:31

Platform

win10-20240611-en

Max time kernel

7s

Max time network

202s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Melted.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" C:\Windows\SysWOW64\reg.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\RecycleBin\desktop.ini C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\RecycleBin\Recycle Bin\desktop.ini C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\SysWOW64\mountvol.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mountvol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\xcopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mountvol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mountvol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier C:\Windows\SysWOW64\xcopy.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1576 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 1576 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 1576 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 5032 wrote to memory of 1868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5032 wrote to memory of 1868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5032 wrote to memory of 1868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5032 wrote to memory of 2328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 2328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 2328 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 4800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 4800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 4800 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 192 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 192 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 192 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 5032 wrote to memory of 692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4340 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4340 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4340 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4404 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4404 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4404 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 4676 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 5032 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe
PID 5032 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe
PID 5032 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe
PID 5032 wrote to memory of 4436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 5032 wrote to memory of 4436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 5032 wrote to memory of 4436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 5032 wrote to memory of 224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 5032 wrote to memory of 224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 5032 wrote to memory of 224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 5032 wrote to memory of 228 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe
PID 5032 wrote to memory of 228 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe
PID 5032 wrote to memory of 228 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe
PID 5032 wrote to memory of 4848 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 5032 wrote to memory of 4848 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 5032 wrote to memory of 4848 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 5032 wrote to memory of 4700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe
PID 5032 wrote to memory of 4700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe
PID 5032 wrote to memory of 400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 5032 wrote to memory of 400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 5032 wrote to memory of 400 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Melted.exe

"C:\Users\Admin\AppData\Local\Temp\Melted.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\main.bat" "

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im smartscreen.exe

C:\Windows\SysWOW64\mountvol.exe

mountvol D:\ /d

C:\Windows\SysWOW64\mountvol.exe

mountvol E:\ /d

C:\Windows\SysWOW64\mountvol.exe

mountvol F:\ /d

C:\Windows\SysWOW64\reg.exe

reg import desktop.reg

C:\Windows\SysWOW64\reg.exe

reg import fonts.reg

C:\Windows\SysWOW64\reg.exe

reg import logonui.reg

C:\Windows\SysWOW64\reg.exe

reg import winupdate.reg

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe

b.exe

C:\Windows\SysWOW64\xcopy.exe

xcopy C:\Windows\* C:\Users\Admin\Desktop\* /J /V /C /I /EXCLUDE:explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K ping.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe

fb.exe

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe

e.exe

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\flash.exe

flash.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K copypastel.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\i.exe

i.exe

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk.exe

sk.exe

C:\Windows\SysWOW64\takeown.exe

takeown C:\Windows\SystemResources\* Admin

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3dc

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9974" /is

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10605" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27670" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21134" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25132" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5609" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe

e.exe /min

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\SystemResources\* /Grant:Admin

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g.exe

g.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\629" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21558" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15875" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26320" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5547" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5818" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26910" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\1248" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16726" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26528" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6708" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16777" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28519" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30051" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4239" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23407" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\162" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15344" /is

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K boohoo.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\t.exe

t.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\timeout.exe

timeout 10

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25743" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21225" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17698" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk2.exe

sk2.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16681" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe

e.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk3.exe

sk3.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10280" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\3717" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17619" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8549" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g_.exe

g_.exe /min

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ending.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im g.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22368" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sk2.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sk.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sk3.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im t.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im i.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20354" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im fb.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g_.exe

g_.exe

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\i.exe

i.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22518" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27629" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6354" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30292" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4001" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20353" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20013" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5923" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28220" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5841" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29877" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24140" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28677" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29956" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21953" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17630" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25485" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8757" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\1852" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5407" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4665" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\18417" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15397" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16133" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14529" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15802" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25871" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\31933" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20404" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5511" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/1576-0-0x00007FFB9F7D0000-0x00007FFB9F9AB000-memory.dmp

memory/1576-1-0x0000000000520000-0x00000000005AC000-memory.dmp

memory/1576-2-0x0000000000F60000-0x0000000000F84000-memory.dmp

memory/1576-3-0x0000000005370000-0x000000000586E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\main.bat

MD5 825eb7b95953eb1c3a2e967453c082b8
SHA1 96813f5583e8bb6b0926fd2ccf50d351472f09d5
SHA256 74e942b534f60a3d3673de6030fa46002bf0ec142b9575cafd8cc771f3e1a28c
SHA512 1d50d1c3cc293715649d7d6a2ea5e7028f07b9e0c3e7523186cf3194a7fa68ce7b08046c2bb79468b039f24b813166cbc3d9b64a759ca08f18f06c95de7d657e

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\desktop.reg

MD5 6bc57fa8fb4a2814c99ea72bc6c4c2b1
SHA1 c881f1a7965846d3e554ff1709553d2c8ed14043
SHA256 d0f2a2e83bdd0df4820733f8a0708ad647fc1febd3c4eb6936f6e0290fe0be0a
SHA512 dd12e946a0a6f84c49306647453898500017c730af4bb47d51ab39343a275f7d5f117326adc2bd25c98231cbdf3097109fd286da756201e60206fffac6331a70

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fonts.reg

MD5 37c8a133cc59f9cf21424fa3be153ee4
SHA1 1c7bab80249f7c9b3cc2932fe27f0c1cd32f29d2
SHA256 0455aaa368bd1fcf95c519425f876706144d2822b91730c9255989c80ef34b5a
SHA512 ceffa6c04357a3175dca6f08e69d7ccd2fa4da48a8e9a01907df2a0a0bc5d8caba0042fb1f55436ecf41839601c8a44b1ec6037575e707d8ea2d6356fc6d6d4f

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\logonui.reg

MD5 b231e874f320daa87923d4aa38040d06
SHA1 498817057bc92251d721d4b44afca99fbe103696
SHA256 b7ade17dd54a4491fe8df34152323245b81288709c42519ce91a2d2c7a761bb8
SHA512 08e0fc3a35b6bbaab079ad7170b5f5d64ef88d5b4af681747d99547bc884fafdfbb54c238e0a6d9c89c1403f9f75d2f66b36acc6a9ab8742ec7b7b2d2060b4f8

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\winupdate.reg

MD5 9bad97ae7f640e56717304a068504ef6
SHA1 2fd3fffeee98b90597cb650298732391739ed374
SHA256 6ac6ec6b68cdb64086e404df7c109d2dceb8af21965141fb45f428e83ff192f1
SHA512 4ba567e480dc2bca1cf682f212e6ff1fe75a1f108ce72d70aca6f25ed4d5b4a76c928920862d2c4572b11916abaa83886c18e4f1df1e6556890cdaa84c11a478

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe

MD5 404f9af788af52e74bf0f55edcd92b87
SHA1 17f4becaccaf6868bf5783caf7f88b1b6dc13a32
SHA256 db842ba93967f1637597713b9a0a20c4c98d12bf0556413cba26a3f7379b03e0
SHA512 e108ccbe0bf99478e1b6bd22bd208af8f90378e0e4db2aebe7d5b03dd5e8f679d2eb7e1649779753390a44a204f74a3a1a1f5572f3a77760f5bf62052b2da1ae

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe

MD5 fa7cd30068f56e079841e36d16bce5c4
SHA1 49237ab087b28847eb1a01eb699ee99093df6afa
SHA256 c62d2a4ac688ed3972dbb663d2d54c996895d9a3efc4eacc21eb9e2cf02e7cb9
SHA512 a10534f16a2f0b6d0ace630d7b391a37c7fd7d6dd9e98245d5ec6aaf83935046732cadfc21133e0f2b484c1ca0959e16ce8e6f70e15278fd4d39a4950f03611f

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ping.cmd

MD5 6af387fe39e874c82157ca8aba697458
SHA1 ea9487f8f1c3d19be955a78a909911aac566ef2b
SHA256 fe38147b0ea25ace8e7397075fb827ba0f9e7d17e207800ea3e5f875913aaa9d
SHA512 7b03f3cf898b359c9c4ac5ad86949732627257ce39326332d8702fa99072d2c620d6d82f5d9f81e29adb9cb252d24904839dc470c5c764cfacfdf963e7121799

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe

MD5 c085484b593c7089907af551de309a05
SHA1 f503ae9f559fd76073578686d2193a6956747fea
SHA256 b78b116d79d8f9613510dbde5aa4a8ca59913ee32df540d06defa214489972d2
SHA512 72b458179362a1bb2888213736e5731d0bafe094feaac11a44e78f7a5ed60a4d6f275aa32bbce41950852a31bc55ce19266f26cd3e66bec9f35dc5aafe97fba1

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ucrtbased.dll

MD5 c3130cfb00549a5a92da60e7f79f5fc9
SHA1 56c2e8fb1af609525b0f732bb67b806bddab3752
SHA256 eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
SHA512 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748

memory/4700-55-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp

\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\vcruntime140d.dll

MD5 ee7fbf8768a87ea64ad4890540ce48f9
SHA1 bcbc1ebd5a592c2df216d3211f309a79f9cd8a9b
SHA256 03eafdf65d672994e592b8acc8a1276ccae1218a5cb9685b9aa6a5ffe1a855fe
SHA512 0cbf346d46b5c0b09c1f3fb4837c8df662bf0c69de8c4ae292b994ec156c91b78dbaad733226d765b1ca3ee1695566dc90bf85086e438fa15b9eb32058abce80

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\flash.exe

MD5 9254ca1da9ff8ad492ca5fa06ca181c6
SHA1 70fa62e6232eae52467d29cf1c1dacb8a7aeab90
SHA256 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
SHA512 a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\i.exe

MD5 cea5426da515d43c88132a133f83ce68
SHA1 0c224d0bb777f1e3b186fdf58cc82860d96805cc
SHA256 2be7a0865ded1c0bd1f92d5e09bb7b37a9e36a40487a687e0359c93878611a78
SHA512 4c1f25147222c84dff513bebf00e828719454ad634ef9380cfc7835f0457a718b4b437ecb60c1fa72a7f83fbb67e1ddfcd225194eedda77034c72f8c752c642c

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk.exe

MD5 cea26a633f1f3fd621382dad166466d8
SHA1 82d4d90bb6782b0c72deec431a3377e30d34c3e8
SHA256 00e030cb6b6f2fb7b3636f500f60492765363a661e4d7317278c0bbed5689441
SHA512 5244a41121002f8e6c7082d0e4114d74a4fe527b9585adc751bf8d590860057eaf9129bd1dfc070c630f19ef4eac1fb4bcfc25675608fb007b3699c963b0176a

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\copypastel.cmd

MD5 22276a82790d962885ed81f4afaa12e3
SHA1 fbd254c68e04eae009e4bdf718332d01c18087c7
SHA256 8e0bcb5e46f121e9389c5312b4028b7a951e3d695365dc45884a5b756405b61f
SHA512 c089f5388b18753200c7c83a63b7507a5ed608e6e3a8334fe4b92c7d86c20c14adfef950c43c52c1b570a3fe5a8b0583856511543ef1a863bdf0fcafa02222b0

memory/4700-70-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\RecycleBin\desktop.ini

MD5 0b95bbe6e14257a6af62cf912ac723dc
SHA1 7995e2b5fb5c2c758161e04000bc8af4e1294374
SHA256 3ecbc30bfba5ba7ad0d335aefa251e4efcdc3c7d7919ac55600fd40147b91062
SHA512 1c5ef8250d01d1b9ef41529071610a671f228996e0dec1efd6b1eeb1e5ca02fe684ed9857a9958e32b40470561f042709c7f43b8bae36379131737f39cfb7bd1

memory/4396-89-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp

memory/4620-95-0x00007FF6AA250000-0x00007FF6AA276000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g.exe

MD5 ea64d01d756080b86e8e5af63ed6eb50
SHA1 008634fbd4cd348165dbe540ea529f27bd39e5c0
SHA256 35fc36cdd77b1eae66fd02fec2f47cf06841365f6ab66160ed8cf522d71355f7
SHA512 7e7046017eb32e804fb213070997ef228a12426e0f157e959a97a4e27f816eb66b365850cc18ae8573519623db354740d7c008c09734f404d31775e79ead2bb0

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\t.exe

MD5 9e0c60453cdea093fa4c6762f9b1fda9
SHA1 02dfa74e42739c4e8a9a0534273f6a89b51f1dd3
SHA256 269c6da90935306778f4f76005d1f00b49703f8819b60e2764cc14a5abc9a781
SHA512 fc499cb6b98529c7a856c9ec7198f2a6d00d0c0d6b16e826913ab8dca2602f6700e3956749d3316484b94e6867f54cf99aa77f23375ea6c5ea75daa88c91aa96

memory/3804-140-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/3492-141-0x00007FF7C4CE0000-0x00007FF7C4D07000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\boohoo.cmd

MD5 d53097e0265a7589f56bfd43c2ab92d6
SHA1 c5cefc1eed9bd1eff1c32aca735af24135a1bd99
SHA256 28ef22b5677f5523a8852966999f2e1decd7ccf21d14e65dea0d168d460b450c
SHA512 9222dab4590a7d954b8852b3ac22d7bb30c6d4b563ba02003e95d30c16811048961ef757e5ad5ffe5a1c401509c16e99737215a5620702fb47fe217ea0f69445

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs

MD5 781df8e151e1d1bb97b691bc81a2619a
SHA1 cdd28747902e08da1656bb764d4d06f773c0eb2b
SHA256 754bc078439d3b70d46b1a3482d1f359757dd5937d5f1874754f4c8128a6f0da
SHA512 b7368b8c44a826c769d8a79b4ed2c6eab82acbc965ea52c85f60bfdfe125a60285df5e35587700ba22829d26295d11a9b2d9f959ca974d3520274937a3383bd4

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs

MD5 d86806b3929e8deb8ab3af50ff31983a
SHA1 f038800743d28f70962acda6281bbdc5a5f0fca4
SHA256 18ff5d475bb345af4c5390ff5ab5cc0fae2dd1da9e00c7a2d169463c79d9a6ab
SHA512 642d2c2a7c506e4bb8f61d4235fa5b0f411bd43e4cc0c4ab758a292c1fd684533ad1bf89a18b0013383f311095057670fe8ea3b9d0eb5f5a115492041e6d98a5

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk2.exe

MD5 4fa84323d9988c8ce77d9f3eee327808
SHA1 5b475529847b707791b18e621337bee880ee9dc6
SHA256 e7dd38f8d0126e13b8d86659f62bda9aa9b50ac6451b1d5c4dab445385757b89
SHA512 4154063d92c06c7789359f416a6754c8edbbd08e58633c487a5826c614411a40038d01c65b94b49189d8a4689e25f0b0595a9be662e953bd8fec434a6f02d2f5

memory/6108-164-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk3.exe

MD5 4dd87b1eb9e6ab5cadafa876917f34aa
SHA1 e46c529797a14acd0dc135ccf0b0144acc53e53b
SHA256 57509b4f3ec7b6aa07c4a42ad140d6d1a754a267d53b6fc539fa73c24da792c3
SHA512 55cc6467b1786d08c12a41db5d205774a489b4522965932a126d1bf1a628f72129a843c380272f01bfe68e861ed829dffa537bd4527d0fdbe2ff8c9188ca9515

memory/3804-178-0x0000000000400000-0x00000000004A4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g_.exe

MD5 3cb72c753dd5e198792d1e0be81f7e2b
SHA1 8a55b72a998bf8362a12f68ee8c4801a5a24754c
SHA256 be9d8772b360ca8054929e5f057413b69932ca8e521e6c696e0fb6b371e8cb97
SHA512 008ed2e26fb4f41e9bb245130cc8f285744ccf737adeffc4c78cb11c03261f906cfd50b5b9e78f2c17dc2b8a01d83554e93f4960370064af87e84322cc78ee70

memory/5776-184-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ending.vbs

MD5 774cada5baf571a414c25e2ae8931762
SHA1 6ae662e045bff78ec42cc58329288c7578e860d6
SHA256 88d3fb6210f75a39337920ecbccfd0af4e4a5b9e7bf4a3bcd5366346bf7e66b6
SHA512 183e44ac3c9be05e49bd6ddc58a4cc2a5d8517fccc8a1c2615b4b91c288beb410dea03ab79b2dc40a71036955e39afb47431900610905c3d2bb07eb1261c8845

C:\Users\Admin\Desktop\notepad.exe

MD5 fa9f7bb1f8a598722aecd2a2d9df20ef
SHA1 ca7589c55e31869108c744e1002f8a402a2bbaa6
SHA256 a1e2dffdbd83c5086753a81437b03439d213661fc7818b9ceb5327110a794023
SHA512 a86a3b98b5b73a68440a134d617d6d313dcf7cd4fb59a7724deabc7222c1a72c7f974ee3d5b8127310fa5b35f9a0615b89e6f3d61d6bb79713d5c84cc9063ea7

C:\Users\Admin\Desktop\mspaint.exe

MD5 88ba36bb650ba85faffb70565de79c99
SHA1 59893b9fa90ea9d09d212c921d435e5a6972bd68
SHA256 dee04fa8fb3d3dcb7320c0548bbbe8c5529f1357694e77250d17e53989faefa0
SHA512 13fddb4105b012a6f95a36667cea5a0a12d773ac384642ebc8ca4e4b7cc00b4740413ea8edfd1fbc7ab618e96469f659fa14b9cf30e7b601672b961010a66f44

C:\Users\Admin\Desktop\wscript.exe

MD5 0e4c497ee4fd246cefe7b0c4fe965ef6
SHA1 7fd5a5d1a8e673fac52c74c475aa71bd73b4bed2
SHA256 e48e84547698932d978d1e9d097843a2261c5a27d651fe970658a86a058e26f1
SHA512 c5b97df16b3b6b28de16f1a53505fa1bc0377e1664b025b78cc37a2907b364c57b47213a443ef537b1541f9bb2a642b5d8a0be6641f186cfecebe4cb82626360

memory/11100-211-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp

memory/5776-250-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp

memory/11100-264-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-06 08:27

Reported

2024-08-06 08:34

Platform

win10v2004-20240802-en

Max time kernel

388s

Max time network

337s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Melted.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," C:\Windows\SysWOW64\reg.exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\17796\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\15457\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\13364\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\29754\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\5069\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\22665\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\RecycleBin\Recycle Bin\desktop.ini C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A
File created C:\Users\Admin\Desktop\4135\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\7607\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\21825\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\24459\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\20296\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\16800\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\29051\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\14553\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\17743\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\24903\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\11287\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\8852\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\20681\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\22231\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\567\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\28543\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\26723\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\13092\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\4129\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\5078\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\6459\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\24786\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\5068\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\19067\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\6319\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\20207\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\30918\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\12969\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\19027\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\26463\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\29793\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\817\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\26683\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\7969\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\6544\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\12708\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\31815\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\14086\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\4538\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\13517\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\27536\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\12739\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\10900\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\11323\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\RecycleBin\desktop.ini C:\Users\Admin\AppData\Local\Temp\Melted.exe N/A
File created C:\Users\Admin\Desktop\21825\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\25545\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\12051\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\14086\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\12322\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\12414\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\18779\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File created C:\Users\Admin\Desktop\18779\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\15150\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\26899\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\26463\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A
File opened for modification C:\Users\Admin\Desktop\32109\desktop.ini C:\Windows\SysWOW64\Robocopy.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\SysWOW64\mountvol.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\mspaint.exe C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWOW64\mspaint.exe C:\Windows\SysWOW64\cmd.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Robocopy.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier C:\Windows\SysWOW64\xcopy.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\SysWOW64\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\SysWOW64\cmd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{51357238-4892-47FB-B1F9-955EE71CAB44} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\SysWOW64\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Robocopy.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3308 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 3308 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 3308 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\Melted.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 3052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 3052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 3052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 1692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 1692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 1692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 2296 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 2296 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 2296 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mountvol.exe
PID 2528 wrote to memory of 3688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 3688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 3688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 2500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 3544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 3544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 3544 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 5056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 5056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 5056 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 2528 wrote to memory of 2080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe
PID 2528 wrote to memory of 2080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe
PID 2528 wrote to memory of 2080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe
PID 2528 wrote to memory of 3692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2528 wrote to memory of 3692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2528 wrote to memory of 3692 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2528 wrote to memory of 4480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 4480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 4480 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 1644 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe
PID 2528 wrote to memory of 1644 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe
PID 2528 wrote to memory of 1644 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe
PID 2528 wrote to memory of 5032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2528 wrote to memory of 5032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2528 wrote to memory of 5032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2528 wrote to memory of 4556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 4556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 4860 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2528 wrote to memory of 4860 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2528 wrote to memory of 4860 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2528 wrote to memory of 1472 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe
PID 2528 wrote to memory of 1472 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe
PID 2528 wrote to memory of 1472 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe
PID 2528 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 2528 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 2528 wrote to memory of 2236 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WScript.exe
PID 2528 wrote to memory of 1104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 1104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 1104 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2528 wrote to memory of 3424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 3424 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 3288 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe
PID 2528 wrote to memory of 3288 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe
PID 2528 wrote to memory of 3288 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe
PID 2528 wrote to memory of 3320 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 3320 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2528 wrote to memory of 3320 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Melted.exe

"C:\Users\Admin\AppData\Local\Temp\Melted.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\main.bat" "

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im smartscreen.exe

C:\Windows\SysWOW64\mountvol.exe

mountvol D:\ /d

C:\Windows\SysWOW64\mountvol.exe

mountvol E:\ /d

C:\Windows\SysWOW64\mountvol.exe

mountvol F:\ /d

C:\Windows\SysWOW64\reg.exe

reg import desktop.reg

C:\Windows\SysWOW64\reg.exe

reg import fonts.reg

C:\Windows\SysWOW64\reg.exe

reg import logonui.reg

C:\Windows\SysWOW64\reg.exe

reg import winupdate.reg

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe

b.exe

C:\Windows\SysWOW64\xcopy.exe

xcopy C:\Windows\* C:\Users\Admin\Desktop\* /J /V /C /I /EXCLUDE:explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K ping.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe

fb.exe

C:\Windows\SysWOW64\timeout.exe

timeout 1

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe

e.exe

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe

flash.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K copypastel.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe

i.exe

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe

sk.exe

C:\Windows\SysWOW64\takeown.exe

takeown C:\Windows\SystemResources\* Admin

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9970" /is

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25509" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x45c 0x2ec

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17355" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\18021" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8621" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5757" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11258" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\32134" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21825" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe

e.exe /min

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\SystemResources\* /Grant:Admin

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24490" /is

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe

g.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26899" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23571" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12307" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12708" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6733" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23527" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25545" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\31815" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26463" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25472" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5068" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20307" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14086" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12414" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5069" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\3307" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30083" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21032" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13885" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11287" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27418" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13287" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10964" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2882" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8852" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14280" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27915" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21181" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24510" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24830" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17057" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26426" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9704" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\3678" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\18970" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27729" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20071" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17634" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6459" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22271" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12051" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2599" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27536" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4129" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20681" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20207" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24806" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9982" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13803" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27039" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19409" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5051" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12507" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8385" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4135" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2532" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19076" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17796" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4483" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23273" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14545" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24119" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12739" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26782" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25907" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24786" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24459" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10171" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\799" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\32109" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13504" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12890" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13965" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30918" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9485" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27260" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19067" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5824" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15457" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11396" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30569" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5343" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28015" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4538" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14810" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13517" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28717" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17098" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14553" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22231" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12374" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23106" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15473" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9328" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19432" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22295" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13364" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19117" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8614" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\7969" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19893" /is

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K boohoo.cmd

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe

t.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\timeout.exe

timeout 10

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17608" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28567" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4506" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6926" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk2.exe

sk2.exe

C:\Windows\SysWOW64\timeout.exe

timeout 2

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13982" /is

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe

e.exe

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk3.exe

sk3.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\389" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10659" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\18779" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22321" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28543" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12479" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26429" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27430" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27735" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe

g_.exe /min

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im e.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\342" /is

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ending.vbs"

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15192" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20296" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\9253" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22836" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10965" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4867" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10946" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15367" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12256" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im g.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8938" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sk2.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sk.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\31310" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sk3.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im t.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26084" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im i.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im fb.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24619" /is

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\817" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\427" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19907" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\874" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6708" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17152" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14334" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14805" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2798" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe

g_.exe

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe

i.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\567" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22742" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12969" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8067" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\894" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\1774" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29351" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17334" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22986" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\32206" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10900" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\3955" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17743" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12386" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\7607" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\24903" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8713" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11128" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6238" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2275" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26167" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2118" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30297" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\414" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12507" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28385" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\14717" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15599" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26683" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10438" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\12322" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\31990" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26723" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17238" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11174" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16116" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16800" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\16978" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\18152" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13775" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\1798" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\25187" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15565" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21647" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11500" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27540" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20159" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26852" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30571" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5078" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15145" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17821" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\30946" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29051" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17405" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\32050" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8309" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\32188" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17710" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\11323" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22665" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\10035" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23350" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\21495" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13641" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29793" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6544" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\17606" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13092" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\13865" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\20799" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\6319" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\1357" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19027" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\26438" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15835" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\29754" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\28171" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\15150" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\4376" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\19494" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\8288" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\7555" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\2135" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\23439" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\5317" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\22103" /is

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Robocopy.exe

robocopy RecycleBin "C:\Users\Admin\Desktop\27951" /is

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe

C:\Windows\SysWOW64\mountvol.exe

mountvol C:\ /d

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 38.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp

Files

memory/3308-0-0x00000000744FE000-0x00000000744FF000-memory.dmp

memory/3308-1-0x0000000000F90000-0x000000000101C000-memory.dmp

memory/3308-2-0x00000000058F0000-0x0000000005914000-memory.dmp

memory/3308-3-0x00000000744F0000-0x0000000074CA0000-memory.dmp

memory/3308-4-0x0000000006070000-0x0000000006614000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\main.bat

MD5 825eb7b95953eb1c3a2e967453c082b8
SHA1 96813f5583e8bb6b0926fd2ccf50d351472f09d5
SHA256 74e942b534f60a3d3673de6030fa46002bf0ec142b9575cafd8cc771f3e1a28c
SHA512 1d50d1c3cc293715649d7d6a2ea5e7028f07b9e0c3e7523186cf3194a7fa68ce7b08046c2bb79468b039f24b813166cbc3d9b64a759ca08f18f06c95de7d657e

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\desktop.reg

MD5 6bc57fa8fb4a2814c99ea72bc6c4c2b1
SHA1 c881f1a7965846d3e554ff1709553d2c8ed14043
SHA256 d0f2a2e83bdd0df4820733f8a0708ad647fc1febd3c4eb6936f6e0290fe0be0a
SHA512 dd12e946a0a6f84c49306647453898500017c730af4bb47d51ab39343a275f7d5f117326adc2bd25c98231cbdf3097109fd286da756201e60206fffac6331a70

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fonts.reg

MD5 37c8a133cc59f9cf21424fa3be153ee4
SHA1 1c7bab80249f7c9b3cc2932fe27f0c1cd32f29d2
SHA256 0455aaa368bd1fcf95c519425f876706144d2822b91730c9255989c80ef34b5a
SHA512 ceffa6c04357a3175dca6f08e69d7ccd2fa4da48a8e9a01907df2a0a0bc5d8caba0042fb1f55436ecf41839601c8a44b1ec6037575e707d8ea2d6356fc6d6d4f

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\logonui.reg

MD5 b231e874f320daa87923d4aa38040d06
SHA1 498817057bc92251d721d4b44afca99fbe103696
SHA256 b7ade17dd54a4491fe8df34152323245b81288709c42519ce91a2d2c7a761bb8
SHA512 08e0fc3a35b6bbaab079ad7170b5f5d64ef88d5b4af681747d99547bc884fafdfbb54c238e0a6d9c89c1403f9f75d2f66b36acc6a9ab8742ec7b7b2d2060b4f8

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\winupdate.reg

MD5 9bad97ae7f640e56717304a068504ef6
SHA1 2fd3fffeee98b90597cb650298732391739ed374
SHA256 6ac6ec6b68cdb64086e404df7c109d2dceb8af21965141fb45f428e83ff192f1
SHA512 4ba567e480dc2bca1cf682f212e6ff1fe75a1f108ce72d70aca6f25ed4d5b4a76c928920862d2c4572b11916abaa83886c18e4f1df1e6556890cdaa84c11a478

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe

MD5 404f9af788af52e74bf0f55edcd92b87
SHA1 17f4becaccaf6868bf5783caf7f88b1b6dc13a32
SHA256 db842ba93967f1637597713b9a0a20c4c98d12bf0556413cba26a3f7379b03e0
SHA512 e108ccbe0bf99478e1b6bd22bd208af8f90378e0e4db2aebe7d5b03dd5e8f679d2eb7e1649779753390a44a204f74a3a1a1f5572f3a77760f5bf62052b2da1ae

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe

MD5 fa7cd30068f56e079841e36d16bce5c4
SHA1 49237ab087b28847eb1a01eb699ee99093df6afa
SHA256 c62d2a4ac688ed3972dbb663d2d54c996895d9a3efc4eacc21eb9e2cf02e7cb9
SHA512 a10534f16a2f0b6d0ace630d7b391a37c7fd7d6dd9e98245d5ec6aaf83935046732cadfc21133e0f2b484c1ca0959e16ce8e6f70e15278fd4d39a4950f03611f

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ping.cmd

MD5 6af387fe39e874c82157ca8aba697458
SHA1 ea9487f8f1c3d19be955a78a909911aac566ef2b
SHA256 fe38147b0ea25ace8e7397075fb827ba0f9e7d17e207800ea3e5f875913aaa9d
SHA512 7b03f3cf898b359c9c4ac5ad86949732627257ce39326332d8702fa99072d2c620d6d82f5d9f81e29adb9cb252d24904839dc470c5c764cfacfdf963e7121799

memory/4556-58-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ucrtbased.dll

MD5 c3130cfb00549a5a92da60e7f79f5fc9
SHA1 56c2e8fb1af609525b0f732bb67b806bddab3752
SHA256 eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
SHA512 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\vcruntime140d.dll

MD5 ee7fbf8768a87ea64ad4890540ce48f9
SHA1 bcbc1ebd5a592c2df216d3211f309a79f9cd8a9b
SHA256 03eafdf65d672994e592b8acc8a1276ccae1218a5cb9685b9aa6a5ffe1a855fe
SHA512 0cbf346d46b5c0b09c1f3fb4837c8df662bf0c69de8c4ae292b994ec156c91b78dbaad733226d765b1ca3ee1695566dc90bf85086e438fa15b9eb32058abce80

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe

MD5 c085484b593c7089907af551de309a05
SHA1 f503ae9f559fd76073578686d2193a6956747fea
SHA256 b78b116d79d8f9613510dbde5aa4a8ca59913ee32df540d06defa214489972d2
SHA512 72b458179362a1bb2888213736e5731d0bafe094feaac11a44e78f7a5ed60a4d6f275aa32bbce41950852a31bc55ce19266f26cd3e66bec9f35dc5aafe97fba1

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe

MD5 9254ca1da9ff8ad492ca5fa06ca181c6
SHA1 70fa62e6232eae52467d29cf1c1dacb8a7aeab90
SHA256 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
SHA512 a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe

MD5 cea5426da515d43c88132a133f83ce68
SHA1 0c224d0bb777f1e3b186fdf58cc82860d96805cc
SHA256 2be7a0865ded1c0bd1f92d5e09bb7b37a9e36a40487a687e0359c93878611a78
SHA512 4c1f25147222c84dff513bebf00e828719454ad634ef9380cfc7835f0457a718b4b437ecb60c1fa72a7f83fbb67e1ddfcd225194eedda77034c72f8c752c642c

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe

MD5 cea26a633f1f3fd621382dad166466d8
SHA1 82d4d90bb6782b0c72deec431a3377e30d34c3e8
SHA256 00e030cb6b6f2fb7b3636f500f60492765363a661e4d7317278c0bbed5689441
SHA512 5244a41121002f8e6c7082d0e4114d74a4fe527b9585adc751bf8d590860057eaf9129bd1dfc070c630f19ef4eac1fb4bcfc25675608fb007b3699c963b0176a

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\copypastel.cmd

MD5 22276a82790d962885ed81f4afaa12e3
SHA1 fbd254c68e04eae009e4bdf718332d01c18087c7
SHA256 8e0bcb5e46f121e9389c5312b4028b7a951e3d695365dc45884a5b756405b61f
SHA512 c089f5388b18753200c7c83a63b7507a5ed608e6e3a8334fe4b92c7d86c20c14adfef950c43c52c1b570a3fe5a8b0583856511543ef1a863bdf0fcafa02222b0

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\RecycleBin\desktop.ini

MD5 0b95bbe6e14257a6af62cf912ac723dc
SHA1 7995e2b5fb5c2c758161e04000bc8af4e1294374
SHA256 3ecbc30bfba5ba7ad0d335aefa251e4efcdc3c7d7919ac55600fd40147b91062
SHA512 1c5ef8250d01d1b9ef41529071610a671f228996e0dec1efd6b1eeb1e5ca02fe684ed9857a9958e32b40470561f042709c7f43b8bae36379131737f39cfb7bd1

memory/4556-74-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp

memory/4072-94-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe

MD5 ea64d01d756080b86e8e5af63ed6eb50
SHA1 008634fbd4cd348165dbe540ea529f27bd39e5c0
SHA256 35fc36cdd77b1eae66fd02fec2f47cf06841365f6ab66160ed8cf522d71355f7
SHA512 7e7046017eb32e804fb213070997ef228a12426e0f157e959a97a4e27f816eb66b365850cc18ae8573519623db354740d7c008c09734f404d31775e79ead2bb0

memory/3908-101-0x00007FF65EA70000-0x00007FF65EA96000-memory.dmp

memory/1472-188-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/3308-225-0x00000000744FE000-0x00000000744FF000-memory.dmp

memory/3308-258-0x00000000744F0000-0x0000000074CA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe

MD5 9e0c60453cdea093fa4c6762f9b1fda9
SHA1 02dfa74e42739c4e8a9a0534273f6a89b51f1dd3
SHA256 269c6da90935306778f4f76005d1f00b49703f8819b60e2764cc14a5abc9a781
SHA512 fc499cb6b98529c7a856c9ec7198f2a6d00d0c0d6b16e826913ab8dca2602f6700e3956749d3316484b94e6867f54cf99aa77f23375ea6c5ea75daa88c91aa96

memory/2336-311-0x00007FF7D6150000-0x00007FF7D6177000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\boohoo.cmd

MD5 d53097e0265a7589f56bfd43c2ab92d6
SHA1 c5cefc1eed9bd1eff1c32aca735af24135a1bd99
SHA256 28ef22b5677f5523a8852966999f2e1decd7ccf21d14e65dea0d168d460b450c
SHA512 9222dab4590a7d954b8852b3ac22d7bb30c6d4b563ba02003e95d30c16811048961ef757e5ad5ffe5a1c401509c16e99737215a5620702fb47fe217ea0f69445

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs

MD5 781df8e151e1d1bb97b691bc81a2619a
SHA1 cdd28747902e08da1656bb764d4d06f773c0eb2b
SHA256 754bc078439d3b70d46b1a3482d1f359757dd5937d5f1874754f4c8128a6f0da
SHA512 b7368b8c44a826c769d8a79b4ed2c6eab82acbc965ea52c85f60bfdfe125a60285df5e35587700ba22829d26295d11a9b2d9f959ca974d3520274937a3383bd4

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs

MD5 d86806b3929e8deb8ab3af50ff31983a
SHA1 f038800743d28f70962acda6281bbdc5a5f0fca4
SHA256 18ff5d475bb345af4c5390ff5ab5cc0fae2dd1da9e00c7a2d169463c79d9a6ab
SHA512 642d2c2a7c506e4bb8f61d4235fa5b0f411bd43e4cc0c4ab758a292c1fd684533ad1bf89a18b0013383f311095057670fe8ea3b9d0eb5f5a115492041e6d98a5

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk2.exe

MD5 4fa84323d9988c8ce77d9f3eee327808
SHA1 5b475529847b707791b18e621337bee880ee9dc6
SHA256 e7dd38f8d0126e13b8d86659f62bda9aa9b50ac6451b1d5c4dab445385757b89
SHA512 4154063d92c06c7789359f416a6754c8edbbd08e58633c487a5826c614411a40038d01c65b94b49189d8a4689e25f0b0595a9be662e953bd8fec434a6f02d2f5

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk3.exe

MD5 4dd87b1eb9e6ab5cadafa876917f34aa
SHA1 e46c529797a14acd0dc135ccf0b0144acc53e53b
SHA256 57509b4f3ec7b6aa07c4a42ad140d6d1a754a267d53b6fc539fa73c24da792c3
SHA512 55cc6467b1786d08c12a41db5d205774a489b4522965932a126d1bf1a628f72129a843c380272f01bfe68e861ed829dffa537bd4527d0fdbe2ff8c9188ca9515

memory/7340-342-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe

MD5 3cb72c753dd5e198792d1e0be81f7e2b
SHA1 8a55b72a998bf8362a12f68ee8c4801a5a24754c
SHA256 be9d8772b360ca8054929e5f057413b69932ca8e521e6c696e0fb6b371e8cb97
SHA512 008ed2e26fb4f41e9bb245130cc8f285744ccf737adeffc4c78cb11c03261f906cfd50b5b9e78f2c17dc2b8a01d83554e93f4960370064af87e84322cc78ee70

memory/2024-370-0x00007FF736E60000-0x00007FF736E89000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ending.vbs

MD5 774cada5baf571a414c25e2ae8931762
SHA1 6ae662e045bff78ec42cc58329288c7578e860d6
SHA256 88d3fb6210f75a39337920ecbccfd0af4e4a5b9e7bf4a3bcd5366346bf7e66b6
SHA512 183e44ac3c9be05e49bd6ddc58a4cc2a5d8517fccc8a1c2615b4b91c288beb410dea03ab79b2dc40a71036955e39afb47431900610905c3d2bb07eb1261c8845

memory/1472-398-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/3008-437-0x00007FF736E60000-0x00007FF736E89000-memory.dmp

memory/3308-613-0x00000000744F0000-0x0000000074CA0000-memory.dmp

memory/2024-614-0x00007FF736E60000-0x00007FF736E89000-memory.dmp

memory/3008-616-0x00007FF736E60000-0x00007FF736E89000-memory.dmp