Analysis Overview
SHA256
cb7bc92eeb0b7161c624d8a48949621234e09bb9ed315d1397ce01b72d60e986
Threat Level: Known bad
The file Melted.exe was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Boot or Logon Autostart Execution: Active Setup
Possible privilege escalation attempt
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Modifies file permissions
ASPack v2.12-2.42
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in System32 directory
Enumerates physical storage devices
Unsigned PE
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Kills process with taskkill
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-06 08:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-06 08:27
Reported
2024-08-06 08:31
Platform
win7-20240708-en
Max time kernel
51s
Max time network
122s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," | C:\Windows\SysWOW64\reg.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Desktop\9934\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\4352\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\21740\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\9934\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\25611\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\17396\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\4352\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\23601\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\7383\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\21740\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\RecycleBin\Recycle Bin\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
| File created | C:\Users\Admin\Desktop\29874\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\22248\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\32401\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\22248\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\2199\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\7383\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\29874\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\2199\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\17396\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\15515\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\16552\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\23601\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\32401\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\15515\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\RecycleBin\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
| File created | C:\Users\Admin\Desktop\25611\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\16552\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\mountvol.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mountvol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mountvol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mountvol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\flash.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Melted.exe
"C:\Users\Admin\AppData\Local\Temp\Melted.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\main.bat" "
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im smartscreen.exe
C:\Windows\SysWOW64\mountvol.exe
mountvol D:\ /d
C:\Windows\SysWOW64\mountvol.exe
mountvol E:\ /d
C:\Windows\SysWOW64\mountvol.exe
mountvol F:\ /d
C:\Windows\SysWOW64\reg.exe
reg import desktop.reg
C:\Windows\SysWOW64\reg.exe
reg import fonts.reg
C:\Windows\SysWOW64\reg.exe
reg import logonui.reg
C:\Windows\SysWOW64\reg.exe
reg import winupdate.reg
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe
b.exe
C:\Windows\SysWOW64\xcopy.exe
xcopy C:\Windows\* C:\Users\Admin\Desktop\* /J /V /C /I /EXCLUDE:explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K ping.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe
fb.exe
C:\Windows\SysWOW64\timeout.exe
timeout 1
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
e.exe
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\flash.exe
flash.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K copypastel.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\i.exe
i.exe
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk.exe
sk.exe
C:\Windows\SysWOW64\takeown.exe
takeown C:\Windows\SystemResources\* Admin
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9934" /is
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25611" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2199" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16552" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23601" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\7383" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29874" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
e.exe /min
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\SystemResources\* /Grant:Admin
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g.exe
g.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17396" /is
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21740" /is
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K boohoo.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\t.exe
t.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\timeout.exe
timeout 10
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4352" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\32401" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22248" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk2.exe
sk2.exe
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
e.exe
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk3.exe
sk3.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15515" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\7690" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g_.exe
g_.exe /min
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs"
Network
Files
memory/824-0-0x0000000074CBE000-0x0000000074CBF000-memory.dmp
memory/824-1-0x0000000000090000-0x000000000011C000-memory.dmp
memory/824-2-0x0000000000500000-0x0000000000524000-memory.dmp
memory/824-3-0x0000000074CB0000-0x000000007539E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\main.bat
| MD5 | 825eb7b95953eb1c3a2e967453c082b8 |
| SHA1 | 96813f5583e8bb6b0926fd2ccf50d351472f09d5 |
| SHA256 | 74e942b534f60a3d3673de6030fa46002bf0ec142b9575cafd8cc771f3e1a28c |
| SHA512 | 1d50d1c3cc293715649d7d6a2ea5e7028f07b9e0c3e7523186cf3194a7fa68ce7b08046c2bb79468b039f24b813166cbc3d9b64a759ca08f18f06c95de7d657e |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\desktop.reg
| MD5 | 6bc57fa8fb4a2814c99ea72bc6c4c2b1 |
| SHA1 | c881f1a7965846d3e554ff1709553d2c8ed14043 |
| SHA256 | d0f2a2e83bdd0df4820733f8a0708ad647fc1febd3c4eb6936f6e0290fe0be0a |
| SHA512 | dd12e946a0a6f84c49306647453898500017c730af4bb47d51ab39343a275f7d5f117326adc2bd25c98231cbdf3097109fd286da756201e60206fffac6331a70 |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fonts.reg
| MD5 | 37c8a133cc59f9cf21424fa3be153ee4 |
| SHA1 | 1c7bab80249f7c9b3cc2932fe27f0c1cd32f29d2 |
| SHA256 | 0455aaa368bd1fcf95c519425f876706144d2822b91730c9255989c80ef34b5a |
| SHA512 | ceffa6c04357a3175dca6f08e69d7ccd2fa4da48a8e9a01907df2a0a0bc5d8caba0042fb1f55436ecf41839601c8a44b1ec6037575e707d8ea2d6356fc6d6d4f |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\logonui.reg
| MD5 | b231e874f320daa87923d4aa38040d06 |
| SHA1 | 498817057bc92251d721d4b44afca99fbe103696 |
| SHA256 | b7ade17dd54a4491fe8df34152323245b81288709c42519ce91a2d2c7a761bb8 |
| SHA512 | 08e0fc3a35b6bbaab079ad7170b5f5d64ef88d5b4af681747d99547bc884fafdfbb54c238e0a6d9c89c1403f9f75d2f66b36acc6a9ab8742ec7b7b2d2060b4f8 |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\winupdate.reg
| MD5 | 9bad97ae7f640e56717304a068504ef6 |
| SHA1 | 2fd3fffeee98b90597cb650298732391739ed374 |
| SHA256 | 6ac6ec6b68cdb64086e404df7c109d2dceb8af21965141fb45f428e83ff192f1 |
| SHA512 | 4ba567e480dc2bca1cf682f212e6ff1fe75a1f108ce72d70aca6f25ed4d5b4a76c928920862d2c4572b11916abaa83886c18e4f1df1e6556890cdaa84c11a478 |
\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\b.exe
| MD5 | 404f9af788af52e74bf0f55edcd92b87 |
| SHA1 | 17f4becaccaf6868bf5783caf7f88b1b6dc13a32 |
| SHA256 | db842ba93967f1637597713b9a0a20c4c98d12bf0556413cba26a3f7379b03e0 |
| SHA512 | e108ccbe0bf99478e1b6bd22bd208af8f90378e0e4db2aebe7d5b03dd5e8f679d2eb7e1649779753390a44a204f74a3a1a1f5572f3a77760f5bf62052b2da1ae |
\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\fb.exe
| MD5 | fa7cd30068f56e079841e36d16bce5c4 |
| SHA1 | 49237ab087b28847eb1a01eb699ee99093df6afa |
| SHA256 | c62d2a4ac688ed3972dbb663d2d54c996895d9a3efc4eacc21eb9e2cf02e7cb9 |
| SHA512 | a10534f16a2f0b6d0ace630d7b391a37c7fd7d6dd9e98245d5ec6aaf83935046732cadfc21133e0f2b484c1ca0959e16ce8e6f70e15278fd4d39a4950f03611f |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\ping.cmd
| MD5 | 6af387fe39e874c82157ca8aba697458 |
| SHA1 | ea9487f8f1c3d19be955a78a909911aac566ef2b |
| SHA256 | fe38147b0ea25ace8e7397075fb827ba0f9e7d17e207800ea3e5f875913aaa9d |
| SHA512 | 7b03f3cf898b359c9c4ac5ad86949732627257ce39326332d8702fa99072d2c620d6d82f5d9f81e29adb9cb252d24904839dc470c5c764cfacfdf963e7121799 |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\e.exe
| MD5 | c085484b593c7089907af551de309a05 |
| SHA1 | f503ae9f559fd76073578686d2193a6956747fea |
| SHA256 | b78b116d79d8f9613510dbde5aa4a8ca59913ee32df540d06defa214489972d2 |
| SHA512 | 72b458179362a1bb2888213736e5731d0bafe094feaac11a44e78f7a5ed60a4d6f275aa32bbce41950852a31bc55ce19266f26cd3e66bec9f35dc5aafe97fba1 |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\VCRUNTIME140D.dll
| MD5 | ee7fbf8768a87ea64ad4890540ce48f9 |
| SHA1 | bcbc1ebd5a592c2df216d3211f309a79f9cd8a9b |
| SHA256 | 03eafdf65d672994e592b8acc8a1276ccae1218a5cb9685b9aa6a5ffe1a855fe |
| SHA512 | 0cbf346d46b5c0b09c1f3fb4837c8df662bf0c69de8c4ae292b994ec156c91b78dbaad733226d765b1ca3ee1695566dc90bf85086e438fa15b9eb32058abce80 |
memory/1936-61-0x000000013FD90000-0x000000013FDB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\ucrtbased.dll
| MD5 | c3130cfb00549a5a92da60e7f79f5fc9 |
| SHA1 | 56c2e8fb1af609525b0f732bb67b806bddab3752 |
| SHA256 | eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8 |
| SHA512 | 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748 |
memory/2908-60-0x0000000000170000-0x0000000000196000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\flash.exe
| MD5 | 9254ca1da9ff8ad492ca5fa06ca181c6 |
| SHA1 | 70fa62e6232eae52467d29cf1c1dacb8a7aeab90 |
| SHA256 | 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6 |
| SHA512 | a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a |
\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\i.exe
| MD5 | cea5426da515d43c88132a133f83ce68 |
| SHA1 | 0c224d0bb777f1e3b186fdf58cc82860d96805cc |
| SHA256 | 2be7a0865ded1c0bd1f92d5e09bb7b37a9e36a40487a687e0359c93878611a78 |
| SHA512 | 4c1f25147222c84dff513bebf00e828719454ad634ef9380cfc7835f0457a718b4b437ecb60c1fa72a7f83fbb67e1ddfcd225194eedda77034c72f8c752c642c |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk.exe
| MD5 | cea26a633f1f3fd621382dad166466d8 |
| SHA1 | 82d4d90bb6782b0c72deec431a3377e30d34c3e8 |
| SHA256 | 00e030cb6b6f2fb7b3636f500f60492765363a661e4d7317278c0bbed5689441 |
| SHA512 | 5244a41121002f8e6c7082d0e4114d74a4fe527b9585adc751bf8d590860057eaf9129bd1dfc070c630f19ef4eac1fb4bcfc25675608fb007b3699c963b0176a |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\copypastel.cmd
| MD5 | 22276a82790d962885ed81f4afaa12e3 |
| SHA1 | fbd254c68e04eae009e4bdf718332d01c18087c7 |
| SHA256 | 8e0bcb5e46f121e9389c5312b4028b7a951e3d695365dc45884a5b756405b61f |
| SHA512 | c089f5388b18753200c7c83a63b7507a5ed608e6e3a8334fe4b92c7d86c20c14adfef950c43c52c1b570a3fe5a8b0583856511543ef1a863bdf0fcafa02222b0 |
memory/1936-76-0x000000013FD90000-0x000000013FDB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\RecycleBin\desktop.ini
| MD5 | 0b95bbe6e14257a6af62cf912ac723dc |
| SHA1 | 7995e2b5fb5c2c758161e04000bc8af4e1294374 |
| SHA256 | 3ecbc30bfba5ba7ad0d335aefa251e4efcdc3c7d7919ac55600fd40147b91062 |
| SHA512 | 1c5ef8250d01d1b9ef41529071610a671f228996e0dec1efd6b1eeb1e5ca02fe684ed9857a9958e32b40470561f042709c7f43b8bae36379131737f39cfb7bd1 |
memory/884-112-0x000000013F0B0000-0x000000013F0D6000-memory.dmp
memory/2908-111-0x0000000000170000-0x0000000000196000-memory.dmp
\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g.exe
| MD5 | ea64d01d756080b86e8e5af63ed6eb50 |
| SHA1 | 008634fbd4cd348165dbe540ea529f27bd39e5c0 |
| SHA256 | 35fc36cdd77b1eae66fd02fec2f47cf06841365f6ab66160ed8cf522d71355f7 |
| SHA512 | 7e7046017eb32e804fb213070997ef228a12426e0f157e959a97a4e27f816eb66b365850cc18ae8573519623db354740d7c008c09734f404d31775e79ead2bb0 |
memory/2784-131-0x000000013F170000-0x000000013F196000-memory.dmp
memory/2908-130-0x0000000000170000-0x0000000000196000-memory.dmp
memory/2908-174-0x0000000000550000-0x0000000000552000-memory.dmp
memory/2984-175-0x0000000000220000-0x0000000000222000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\t.exe
| MD5 | 9e0c60453cdea093fa4c6762f9b1fda9 |
| SHA1 | 02dfa74e42739c4e8a9a0534273f6a89b51f1dd3 |
| SHA256 | 269c6da90935306778f4f76005d1f00b49703f8819b60e2764cc14a5abc9a781 |
| SHA512 | fc499cb6b98529c7a856c9ec7198f2a6d00d0c0d6b16e826913ab8dca2602f6700e3956749d3316484b94e6867f54cf99aa77f23375ea6c5ea75daa88c91aa96 |
memory/1652-184-0x000000013FBF0000-0x000000013FC17000-memory.dmp
memory/2908-183-0x0000000000560000-0x0000000000587000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\boohoo.cmd
| MD5 | d53097e0265a7589f56bfd43c2ab92d6 |
| SHA1 | c5cefc1eed9bd1eff1c32aca735af24135a1bd99 |
| SHA256 | 28ef22b5677f5523a8852966999f2e1decd7ccf21d14e65dea0d168d460b450c |
| SHA512 | 9222dab4590a7d954b8852b3ac22d7bb30c6d4b563ba02003e95d30c16811048961ef757e5ad5ffe5a1c401509c16e99737215a5620702fb47fe217ea0f69445 |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr1.vbs
| MD5 | 781df8e151e1d1bb97b691bc81a2619a |
| SHA1 | cdd28747902e08da1656bb764d4d06f773c0eb2b |
| SHA256 | 754bc078439d3b70d46b1a3482d1f359757dd5937d5f1874754f4c8128a6f0da |
| SHA512 | b7368b8c44a826c769d8a79b4ed2c6eab82acbc965ea52c85f60bfdfe125a60285df5e35587700ba22829d26295d11a9b2d9f959ca974d3520274937a3383bd4 |
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\causeErr2.vbs
| MD5 | d86806b3929e8deb8ab3af50ff31983a |
| SHA1 | f038800743d28f70962acda6281bbdc5a5f0fca4 |
| SHA256 | 18ff5d475bb345af4c5390ff5ab5cc0fae2dd1da9e00c7a2d169463c79d9a6ab |
| SHA512 | 642d2c2a7c506e4bb8f61d4235fa5b0f411bd43e4cc0c4ab758a292c1fd684533ad1bf89a18b0013383f311095057670fe8ea3b9d0eb5f5a115492041e6d98a5 |
memory/824-604-0x0000000074CBE000-0x0000000074CBF000-memory.dmp
memory/824-674-0x0000000074CB0000-0x000000007539E000-memory.dmp
memory/1268-725-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/2908-726-0x0000000000170000-0x0000000000196000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk2.exe
| MD5 | 4fa84323d9988c8ce77d9f3eee327808 |
| SHA1 | 5b475529847b707791b18e621337bee880ee9dc6 |
| SHA256 | e7dd38f8d0126e13b8d86659f62bda9aa9b50ac6451b1d5c4dab445385757b89 |
| SHA512 | 4154063d92c06c7789359f416a6754c8edbbd08e58633c487a5826c614411a40038d01c65b94b49189d8a4689e25f0b0595a9be662e953bd8fec434a6f02d2f5 |
memory/2908-865-0x0000000000170000-0x0000000000196000-memory.dmp
memory/2908-872-0x0000000000560000-0x0000000000586000-memory.dmp
memory/1652-871-0x000000013FBF0000-0x000000013FC17000-memory.dmp
memory/2908-870-0x0000000000560000-0x0000000000587000-memory.dmp
memory/2896-879-0x000000013F0F0000-0x000000013F116000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\sk3.exe
| MD5 | 4dd87b1eb9e6ab5cadafa876917f34aa |
| SHA1 | e46c529797a14acd0dc135ccf0b0144acc53e53b |
| SHA256 | 57509b4f3ec7b6aa07c4a42ad140d6d1a754a267d53b6fc539fa73c24da792c3 |
| SHA512 | 55cc6467b1786d08c12a41db5d205774a489b4522965932a126d1bf1a628f72129a843c380272f01bfe68e861ed829dffa537bd4527d0fdbe2ff8c9188ca9515 |
memory/2908-981-0x0000000000560000-0x0000000000586000-memory.dmp
memory/2896-1005-0x000000013F0F0000-0x000000013F116000-memory.dmp
memory/1268-1099-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1143-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1293-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1338-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1362-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1366-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1410-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1414-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/1268-1438-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/2908-1467-0x0000000000560000-0x0000000000589000-memory.dmp
\Users\Admin\AppData\Local\Temp\Melted_3a7cf1b1-5aaa-4127-b3c9-edaaeef48a99\g_.exe
| MD5 | 3cb72c753dd5e198792d1e0be81f7e2b |
| SHA1 | 8a55b72a998bf8362a12f68ee8c4801a5a24754c |
| SHA256 | be9d8772b360ca8054929e5f057413b69932ca8e521e6c696e0fb6b371e8cb97 |
| SHA512 | 008ed2e26fb4f41e9bb245130cc8f285744ccf737adeffc4c78cb11c03261f906cfd50b5b9e78f2c17dc2b8a01d83554e93f4960370064af87e84322cc78ee70 |
memory/4036-1472-0x000000013FBD0000-0x000000013FBF9000-memory.dmp
memory/2908-1498-0x0000000000560000-0x0000000000589000-memory.dmp
memory/1268-1523-0x0000000000400000-0x00000000004A4000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-06 08:27
Reported
2024-08-06 08:31
Platform
win10-20240611-en
Max time kernel
7s
Max time network
202s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\RecycleBin\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\RecycleBin\Recycle Bin\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\mountvol.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mountvol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mountvol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mountvol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Melted.exe
"C:\Users\Admin\AppData\Local\Temp\Melted.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\main.bat" "
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im smartscreen.exe
C:\Windows\SysWOW64\mountvol.exe
mountvol D:\ /d
C:\Windows\SysWOW64\mountvol.exe
mountvol E:\ /d
C:\Windows\SysWOW64\mountvol.exe
mountvol F:\ /d
C:\Windows\SysWOW64\reg.exe
reg import desktop.reg
C:\Windows\SysWOW64\reg.exe
reg import fonts.reg
C:\Windows\SysWOW64\reg.exe
reg import logonui.reg
C:\Windows\SysWOW64\reg.exe
reg import winupdate.reg
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe
b.exe
C:\Windows\SysWOW64\xcopy.exe
xcopy C:\Windows\* C:\Users\Admin\Desktop\* /J /V /C /I /EXCLUDE:explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K ping.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe
fb.exe
C:\Windows\SysWOW64\timeout.exe
timeout 1
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe
e.exe
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\flash.exe
flash.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K copypastel.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\i.exe
i.exe
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk.exe
sk.exe
C:\Windows\SysWOW64\takeown.exe
takeown C:\Windows\SystemResources\* Admin
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9974" /is
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10605" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27670" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21134" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25132" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5609" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe
e.exe /min
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\SystemResources\* /Grant:Admin
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g.exe
g.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\629" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21558" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15875" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26320" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5547" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5818" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26910" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\1248" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16726" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26528" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6708" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16777" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28519" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30051" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4239" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23407" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\162" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15344" /is
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K boohoo.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\t.exe
t.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\timeout.exe
timeout 10
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25743" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21225" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17698" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk2.exe
sk2.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16681" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe
e.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk3.exe
sk3.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10280" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\3717" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17619" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8549" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g_.exe
g_.exe /min
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ending.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im g.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22368" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sk2.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sk.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sk3.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im t.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im i.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20354" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im fb.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g_.exe
g_.exe
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\i.exe
i.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22518" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27629" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6354" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30292" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4001" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20353" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20013" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5923" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28220" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5841" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29877" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24140" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28677" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29956" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21953" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17630" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25485" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8757" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\1852" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5407" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4665" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\18417" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15397" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16133" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14529" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15802" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25871" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\31933" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20404" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5511" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/1576-0-0x00007FFB9F7D0000-0x00007FFB9F9AB000-memory.dmp
memory/1576-1-0x0000000000520000-0x00000000005AC000-memory.dmp
memory/1576-2-0x0000000000F60000-0x0000000000F84000-memory.dmp
memory/1576-3-0x0000000005370000-0x000000000586E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\main.bat
| MD5 | 825eb7b95953eb1c3a2e967453c082b8 |
| SHA1 | 96813f5583e8bb6b0926fd2ccf50d351472f09d5 |
| SHA256 | 74e942b534f60a3d3673de6030fa46002bf0ec142b9575cafd8cc771f3e1a28c |
| SHA512 | 1d50d1c3cc293715649d7d6a2ea5e7028f07b9e0c3e7523186cf3194a7fa68ce7b08046c2bb79468b039f24b813166cbc3d9b64a759ca08f18f06c95de7d657e |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\desktop.reg
| MD5 | 6bc57fa8fb4a2814c99ea72bc6c4c2b1 |
| SHA1 | c881f1a7965846d3e554ff1709553d2c8ed14043 |
| SHA256 | d0f2a2e83bdd0df4820733f8a0708ad647fc1febd3c4eb6936f6e0290fe0be0a |
| SHA512 | dd12e946a0a6f84c49306647453898500017c730af4bb47d51ab39343a275f7d5f117326adc2bd25c98231cbdf3097109fd286da756201e60206fffac6331a70 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fonts.reg
| MD5 | 37c8a133cc59f9cf21424fa3be153ee4 |
| SHA1 | 1c7bab80249f7c9b3cc2932fe27f0c1cd32f29d2 |
| SHA256 | 0455aaa368bd1fcf95c519425f876706144d2822b91730c9255989c80ef34b5a |
| SHA512 | ceffa6c04357a3175dca6f08e69d7ccd2fa4da48a8e9a01907df2a0a0bc5d8caba0042fb1f55436ecf41839601c8a44b1ec6037575e707d8ea2d6356fc6d6d4f |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\logonui.reg
| MD5 | b231e874f320daa87923d4aa38040d06 |
| SHA1 | 498817057bc92251d721d4b44afca99fbe103696 |
| SHA256 | b7ade17dd54a4491fe8df34152323245b81288709c42519ce91a2d2c7a761bb8 |
| SHA512 | 08e0fc3a35b6bbaab079ad7170b5f5d64ef88d5b4af681747d99547bc884fafdfbb54c238e0a6d9c89c1403f9f75d2f66b36acc6a9ab8742ec7b7b2d2060b4f8 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\winupdate.reg
| MD5 | 9bad97ae7f640e56717304a068504ef6 |
| SHA1 | 2fd3fffeee98b90597cb650298732391739ed374 |
| SHA256 | 6ac6ec6b68cdb64086e404df7c109d2dceb8af21965141fb45f428e83ff192f1 |
| SHA512 | 4ba567e480dc2bca1cf682f212e6ff1fe75a1f108ce72d70aca6f25ed4d5b4a76c928920862d2c4572b11916abaa83886c18e4f1df1e6556890cdaa84c11a478 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\b.exe
| MD5 | 404f9af788af52e74bf0f55edcd92b87 |
| SHA1 | 17f4becaccaf6868bf5783caf7f88b1b6dc13a32 |
| SHA256 | db842ba93967f1637597713b9a0a20c4c98d12bf0556413cba26a3f7379b03e0 |
| SHA512 | e108ccbe0bf99478e1b6bd22bd208af8f90378e0e4db2aebe7d5b03dd5e8f679d2eb7e1649779753390a44a204f74a3a1a1f5572f3a77760f5bf62052b2da1ae |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\fb.exe
| MD5 | fa7cd30068f56e079841e36d16bce5c4 |
| SHA1 | 49237ab087b28847eb1a01eb699ee99093df6afa |
| SHA256 | c62d2a4ac688ed3972dbb663d2d54c996895d9a3efc4eacc21eb9e2cf02e7cb9 |
| SHA512 | a10534f16a2f0b6d0ace630d7b391a37c7fd7d6dd9e98245d5ec6aaf83935046732cadfc21133e0f2b484c1ca0959e16ce8e6f70e15278fd4d39a4950f03611f |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ping.cmd
| MD5 | 6af387fe39e874c82157ca8aba697458 |
| SHA1 | ea9487f8f1c3d19be955a78a909911aac566ef2b |
| SHA256 | fe38147b0ea25ace8e7397075fb827ba0f9e7d17e207800ea3e5f875913aaa9d |
| SHA512 | 7b03f3cf898b359c9c4ac5ad86949732627257ce39326332d8702fa99072d2c620d6d82f5d9f81e29adb9cb252d24904839dc470c5c764cfacfdf963e7121799 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\e.exe
| MD5 | c085484b593c7089907af551de309a05 |
| SHA1 | f503ae9f559fd76073578686d2193a6956747fea |
| SHA256 | b78b116d79d8f9613510dbde5aa4a8ca59913ee32df540d06defa214489972d2 |
| SHA512 | 72b458179362a1bb2888213736e5731d0bafe094feaac11a44e78f7a5ed60a4d6f275aa32bbce41950852a31bc55ce19266f26cd3e66bec9f35dc5aafe97fba1 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ucrtbased.dll
| MD5 | c3130cfb00549a5a92da60e7f79f5fc9 |
| SHA1 | 56c2e8fb1af609525b0f732bb67b806bddab3752 |
| SHA256 | eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8 |
| SHA512 | 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748 |
memory/4700-55-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp
\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\vcruntime140d.dll
| MD5 | ee7fbf8768a87ea64ad4890540ce48f9 |
| SHA1 | bcbc1ebd5a592c2df216d3211f309a79f9cd8a9b |
| SHA256 | 03eafdf65d672994e592b8acc8a1276ccae1218a5cb9685b9aa6a5ffe1a855fe |
| SHA512 | 0cbf346d46b5c0b09c1f3fb4837c8df662bf0c69de8c4ae292b994ec156c91b78dbaad733226d765b1ca3ee1695566dc90bf85086e438fa15b9eb32058abce80 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\flash.exe
| MD5 | 9254ca1da9ff8ad492ca5fa06ca181c6 |
| SHA1 | 70fa62e6232eae52467d29cf1c1dacb8a7aeab90 |
| SHA256 | 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6 |
| SHA512 | a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\i.exe
| MD5 | cea5426da515d43c88132a133f83ce68 |
| SHA1 | 0c224d0bb777f1e3b186fdf58cc82860d96805cc |
| SHA256 | 2be7a0865ded1c0bd1f92d5e09bb7b37a9e36a40487a687e0359c93878611a78 |
| SHA512 | 4c1f25147222c84dff513bebf00e828719454ad634ef9380cfc7835f0457a718b4b437ecb60c1fa72a7f83fbb67e1ddfcd225194eedda77034c72f8c752c642c |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk.exe
| MD5 | cea26a633f1f3fd621382dad166466d8 |
| SHA1 | 82d4d90bb6782b0c72deec431a3377e30d34c3e8 |
| SHA256 | 00e030cb6b6f2fb7b3636f500f60492765363a661e4d7317278c0bbed5689441 |
| SHA512 | 5244a41121002f8e6c7082d0e4114d74a4fe527b9585adc751bf8d590860057eaf9129bd1dfc070c630f19ef4eac1fb4bcfc25675608fb007b3699c963b0176a |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\copypastel.cmd
| MD5 | 22276a82790d962885ed81f4afaa12e3 |
| SHA1 | fbd254c68e04eae009e4bdf718332d01c18087c7 |
| SHA256 | 8e0bcb5e46f121e9389c5312b4028b7a951e3d695365dc45884a5b756405b61f |
| SHA512 | c089f5388b18753200c7c83a63b7507a5ed608e6e3a8334fe4b92c7d86c20c14adfef950c43c52c1b570a3fe5a8b0583856511543ef1a863bdf0fcafa02222b0 |
memory/4700-70-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\RecycleBin\desktop.ini
| MD5 | 0b95bbe6e14257a6af62cf912ac723dc |
| SHA1 | 7995e2b5fb5c2c758161e04000bc8af4e1294374 |
| SHA256 | 3ecbc30bfba5ba7ad0d335aefa251e4efcdc3c7d7919ac55600fd40147b91062 |
| SHA512 | 1c5ef8250d01d1b9ef41529071610a671f228996e0dec1efd6b1eeb1e5ca02fe684ed9857a9958e32b40470561f042709c7f43b8bae36379131737f39cfb7bd1 |
memory/4396-89-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp
memory/4620-95-0x00007FF6AA250000-0x00007FF6AA276000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g.exe
| MD5 | ea64d01d756080b86e8e5af63ed6eb50 |
| SHA1 | 008634fbd4cd348165dbe540ea529f27bd39e5c0 |
| SHA256 | 35fc36cdd77b1eae66fd02fec2f47cf06841365f6ab66160ed8cf522d71355f7 |
| SHA512 | 7e7046017eb32e804fb213070997ef228a12426e0f157e959a97a4e27f816eb66b365850cc18ae8573519623db354740d7c008c09734f404d31775e79ead2bb0 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\t.exe
| MD5 | 9e0c60453cdea093fa4c6762f9b1fda9 |
| SHA1 | 02dfa74e42739c4e8a9a0534273f6a89b51f1dd3 |
| SHA256 | 269c6da90935306778f4f76005d1f00b49703f8819b60e2764cc14a5abc9a781 |
| SHA512 | fc499cb6b98529c7a856c9ec7198f2a6d00d0c0d6b16e826913ab8dca2602f6700e3956749d3316484b94e6867f54cf99aa77f23375ea6c5ea75daa88c91aa96 |
memory/3804-140-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/3492-141-0x00007FF7C4CE0000-0x00007FF7C4D07000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\boohoo.cmd
| MD5 | d53097e0265a7589f56bfd43c2ab92d6 |
| SHA1 | c5cefc1eed9bd1eff1c32aca735af24135a1bd99 |
| SHA256 | 28ef22b5677f5523a8852966999f2e1decd7ccf21d14e65dea0d168d460b450c |
| SHA512 | 9222dab4590a7d954b8852b3ac22d7bb30c6d4b563ba02003e95d30c16811048961ef757e5ad5ffe5a1c401509c16e99737215a5620702fb47fe217ea0f69445 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr1.vbs
| MD5 | 781df8e151e1d1bb97b691bc81a2619a |
| SHA1 | cdd28747902e08da1656bb764d4d06f773c0eb2b |
| SHA256 | 754bc078439d3b70d46b1a3482d1f359757dd5937d5f1874754f4c8128a6f0da |
| SHA512 | b7368b8c44a826c769d8a79b4ed2c6eab82acbc965ea52c85f60bfdfe125a60285df5e35587700ba22829d26295d11a9b2d9f959ca974d3520274937a3383bd4 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\causeErr2.vbs
| MD5 | d86806b3929e8deb8ab3af50ff31983a |
| SHA1 | f038800743d28f70962acda6281bbdc5a5f0fca4 |
| SHA256 | 18ff5d475bb345af4c5390ff5ab5cc0fae2dd1da9e00c7a2d169463c79d9a6ab |
| SHA512 | 642d2c2a7c506e4bb8f61d4235fa5b0f411bd43e4cc0c4ab758a292c1fd684533ad1bf89a18b0013383f311095057670fe8ea3b9d0eb5f5a115492041e6d98a5 |
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk2.exe
| MD5 | 4fa84323d9988c8ce77d9f3eee327808 |
| SHA1 | 5b475529847b707791b18e621337bee880ee9dc6 |
| SHA256 | e7dd38f8d0126e13b8d86659f62bda9aa9b50ac6451b1d5c4dab445385757b89 |
| SHA512 | 4154063d92c06c7789359f416a6754c8edbbd08e58633c487a5826c614411a40038d01c65b94b49189d8a4689e25f0b0595a9be662e953bd8fec434a6f02d2f5 |
memory/6108-164-0x00007FF65F1C0000-0x00007FF65F1E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\sk3.exe
| MD5 | 4dd87b1eb9e6ab5cadafa876917f34aa |
| SHA1 | e46c529797a14acd0dc135ccf0b0144acc53e53b |
| SHA256 | 57509b4f3ec7b6aa07c4a42ad140d6d1a754a267d53b6fc539fa73c24da792c3 |
| SHA512 | 55cc6467b1786d08c12a41db5d205774a489b4522965932a126d1bf1a628f72129a843c380272f01bfe68e861ed829dffa537bd4527d0fdbe2ff8c9188ca9515 |
memory/3804-178-0x0000000000400000-0x00000000004A4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\g_.exe
| MD5 | 3cb72c753dd5e198792d1e0be81f7e2b |
| SHA1 | 8a55b72a998bf8362a12f68ee8c4801a5a24754c |
| SHA256 | be9d8772b360ca8054929e5f057413b69932ca8e521e6c696e0fb6b371e8cb97 |
| SHA512 | 008ed2e26fb4f41e9bb245130cc8f285744ccf737adeffc4c78cb11c03261f906cfd50b5b9e78f2c17dc2b8a01d83554e93f4960370064af87e84322cc78ee70 |
memory/5776-184-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_01c2a4b8-50c7-4001-9c2b-b39cb8860eb3\ending.vbs
| MD5 | 774cada5baf571a414c25e2ae8931762 |
| SHA1 | 6ae662e045bff78ec42cc58329288c7578e860d6 |
| SHA256 | 88d3fb6210f75a39337920ecbccfd0af4e4a5b9e7bf4a3bcd5366346bf7e66b6 |
| SHA512 | 183e44ac3c9be05e49bd6ddc58a4cc2a5d8517fccc8a1c2615b4b91c288beb410dea03ab79b2dc40a71036955e39afb47431900610905c3d2bb07eb1261c8845 |
C:\Users\Admin\Desktop\notepad.exe
| MD5 | fa9f7bb1f8a598722aecd2a2d9df20ef |
| SHA1 | ca7589c55e31869108c744e1002f8a402a2bbaa6 |
| SHA256 | a1e2dffdbd83c5086753a81437b03439d213661fc7818b9ceb5327110a794023 |
| SHA512 | a86a3b98b5b73a68440a134d617d6d313dcf7cd4fb59a7724deabc7222c1a72c7f974ee3d5b8127310fa5b35f9a0615b89e6f3d61d6bb79713d5c84cc9063ea7 |
C:\Users\Admin\Desktop\mspaint.exe
| MD5 | 88ba36bb650ba85faffb70565de79c99 |
| SHA1 | 59893b9fa90ea9d09d212c921d435e5a6972bd68 |
| SHA256 | dee04fa8fb3d3dcb7320c0548bbbe8c5529f1357694e77250d17e53989faefa0 |
| SHA512 | 13fddb4105b012a6f95a36667cea5a0a12d773ac384642ebc8ca4e4b7cc00b4740413ea8edfd1fbc7ab618e96469f659fa14b9cf30e7b601672b961010a66f44 |
C:\Users\Admin\Desktop\wscript.exe
| MD5 | 0e4c497ee4fd246cefe7b0c4fe965ef6 |
| SHA1 | 7fd5a5d1a8e673fac52c74c475aa71bd73b4bed2 |
| SHA256 | e48e84547698932d978d1e9d097843a2261c5a27d651fe970658a86a058e26f1 |
| SHA512 | c5b97df16b3b6b28de16f1a53505fa1bc0377e1664b025b78cc37a2907b364c57b47213a443ef537b1541f9bb2a642b5d8a0be6641f186cfecebe4cb82626360 |
memory/11100-211-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp
memory/5776-250-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp
memory/11100-264-0x00007FF7426C0000-0x00007FF7426E9000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-06 08:27
Reported
2024-08-06 08:34
Platform
win10v2004-20240802-en
Max time kernel
388s
Max time network
337s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe," | C:\Windows\SysWOW64\reg.exe | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\17796\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\15457\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\13364\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\29754\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\5069\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\22665\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\RecycleBin\Recycle Bin\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
| File created | C:\Users\Admin\Desktop\4135\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\7607\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\21825\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\24459\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\20296\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\16800\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\29051\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\14553\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\17743\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\24903\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\11287\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\8852\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\20681\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\22231\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\567\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\28543\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\26723\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\13092\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\4129\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\5078\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\6459\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\24786\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\5068\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\19067\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\6319\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\20207\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\30918\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\12969\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\19027\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\26463\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\29793\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\817\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\26683\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\7969\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\6544\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\12708\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\31815\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\14086\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\4538\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\13517\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\27536\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\12739\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\10900\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\11323\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\RecycleBin\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Melted.exe | N/A |
| File created | C:\Users\Admin\Desktop\21825\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\25545\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\12051\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\14086\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\12322\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\12414\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\18779\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File created | C:\Users\Admin\Desktop\18779\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\15150\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\26899\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\26463\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\32109\desktop.ini | C:\Windows\SysWOW64\Robocopy.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\mountvol.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Windows\SysWOW64\wscript.exe | C:\Windows\SysWOW64\cmd.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mspaint.exe | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | C:\Windows\SysWOW64\mspaint.exe | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
Kills process with taskkill
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{51357238-4892-47FB-B1F9-955EE71CAB44} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Robocopy.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Melted.exe
"C:\Users\Admin\AppData\Local\Temp\Melted.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\main.bat" "
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im smartscreen.exe
C:\Windows\SysWOW64\mountvol.exe
mountvol D:\ /d
C:\Windows\SysWOW64\mountvol.exe
mountvol E:\ /d
C:\Windows\SysWOW64\mountvol.exe
mountvol F:\ /d
C:\Windows\SysWOW64\reg.exe
reg import desktop.reg
C:\Windows\SysWOW64\reg.exe
reg import fonts.reg
C:\Windows\SysWOW64\reg.exe
reg import logonui.reg
C:\Windows\SysWOW64\reg.exe
reg import winupdate.reg
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe
b.exe
C:\Windows\SysWOW64\xcopy.exe
xcopy C:\Windows\* C:\Users\Admin\Desktop\* /J /V /C /I /EXCLUDE:explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K ping.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe
fb.exe
C:\Windows\SysWOW64\timeout.exe
timeout 1
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe
e.exe
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe
flash.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K copypastel.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe
i.exe
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe
sk.exe
C:\Windows\SysWOW64\takeown.exe
takeown C:\Windows\SystemResources\* Admin
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9970" /is
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25509" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x45c 0x2ec
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17355" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\18021" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8621" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5757" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11258" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\32134" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21825" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe
e.exe /min
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\SystemResources\* /Grant:Admin
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24490" /is
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe
g.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26899" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23571" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12307" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12708" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6733" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23527" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25545" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\31815" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26463" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25472" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5068" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20307" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14086" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12414" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5069" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\3307" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30083" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21032" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13885" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11287" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27418" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13287" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10964" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2882" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8852" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14280" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27915" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21181" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24510" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24830" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17057" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26426" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9704" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\3678" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\18970" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27729" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20071" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17634" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6459" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22271" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12051" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2599" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27536" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4129" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20681" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20207" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24806" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9982" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13803" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27039" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19409" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5051" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12507" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8385" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4135" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2532" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19076" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17796" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4483" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23273" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14545" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24119" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12739" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26782" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25907" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24786" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24459" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10171" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\799" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\32109" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13504" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12890" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13965" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30918" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9485" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27260" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19067" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5824" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15457" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11396" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30569" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5343" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28015" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4538" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14810" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13517" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28717" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17098" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14553" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22231" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12374" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23106" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15473" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9328" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19432" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22295" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13364" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19117" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8614" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\7969" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19893" /is
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K boohoo.cmd
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe
t.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\timeout.exe
timeout 10
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17608" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28567" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4506" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6926" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk2.exe
sk2.exe
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13982" /is
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe
e.exe
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk3.exe
sk3.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs"
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\389" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10659" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\18779" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22321" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28543" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12479" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26429" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27430" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27735" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe
g_.exe /min
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im e.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\342" /is
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ending.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15192" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20296" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\9253" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22836" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10965" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4867" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10946" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15367" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12256" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im g.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8938" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sk2.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sk.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\31310" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sk3.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im t.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26084" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im i.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im fb.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24619" /is
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\817" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\427" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19907" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\874" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6708" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17152" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14334" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14805" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2798" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe
g_.exe
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe
i.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\567" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22742" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12969" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8067" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\894" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\1774" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29351" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17334" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22986" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\32206" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10900" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\3955" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17743" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12386" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\7607" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\24903" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8713" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11128" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6238" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2275" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26167" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2118" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30297" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\414" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12507" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28385" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\14717" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15599" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26683" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10438" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\12322" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\31990" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26723" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17238" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11174" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16116" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16800" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\16978" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\18152" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13775" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\1798" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\25187" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15565" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21647" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11500" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27540" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20159" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26852" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30571" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5078" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15145" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17821" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\30946" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29051" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17405" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\32050" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8309" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\32188" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17710" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\11323" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22665" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\10035" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23350" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\21495" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13641" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29793" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6544" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\17606" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13092" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\13865" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\20799" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\6319" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\1357" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19027" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\26438" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15835" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\29754" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\28171" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\15150" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\4376" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\19494" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\8288" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\7555" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\2135" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\23439" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\5317" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\22103" /is
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Robocopy.exe
robocopy RecycleBin "C:\Users\Admin\Desktop\27951" /is
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell.exe
C:\Windows\SysWOW64\mountvol.exe
mountvol C:\ /d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
Files
memory/3308-0-0x00000000744FE000-0x00000000744FF000-memory.dmp
memory/3308-1-0x0000000000F90000-0x000000000101C000-memory.dmp
memory/3308-2-0x00000000058F0000-0x0000000005914000-memory.dmp
memory/3308-3-0x00000000744F0000-0x0000000074CA0000-memory.dmp
memory/3308-4-0x0000000006070000-0x0000000006614000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\main.bat
| MD5 | 825eb7b95953eb1c3a2e967453c082b8 |
| SHA1 | 96813f5583e8bb6b0926fd2ccf50d351472f09d5 |
| SHA256 | 74e942b534f60a3d3673de6030fa46002bf0ec142b9575cafd8cc771f3e1a28c |
| SHA512 | 1d50d1c3cc293715649d7d6a2ea5e7028f07b9e0c3e7523186cf3194a7fa68ce7b08046c2bb79468b039f24b813166cbc3d9b64a759ca08f18f06c95de7d657e |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\desktop.reg
| MD5 | 6bc57fa8fb4a2814c99ea72bc6c4c2b1 |
| SHA1 | c881f1a7965846d3e554ff1709553d2c8ed14043 |
| SHA256 | d0f2a2e83bdd0df4820733f8a0708ad647fc1febd3c4eb6936f6e0290fe0be0a |
| SHA512 | dd12e946a0a6f84c49306647453898500017c730af4bb47d51ab39343a275f7d5f117326adc2bd25c98231cbdf3097109fd286da756201e60206fffac6331a70 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fonts.reg
| MD5 | 37c8a133cc59f9cf21424fa3be153ee4 |
| SHA1 | 1c7bab80249f7c9b3cc2932fe27f0c1cd32f29d2 |
| SHA256 | 0455aaa368bd1fcf95c519425f876706144d2822b91730c9255989c80ef34b5a |
| SHA512 | ceffa6c04357a3175dca6f08e69d7ccd2fa4da48a8e9a01907df2a0a0bc5d8caba0042fb1f55436ecf41839601c8a44b1ec6037575e707d8ea2d6356fc6d6d4f |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\logonui.reg
| MD5 | b231e874f320daa87923d4aa38040d06 |
| SHA1 | 498817057bc92251d721d4b44afca99fbe103696 |
| SHA256 | b7ade17dd54a4491fe8df34152323245b81288709c42519ce91a2d2c7a761bb8 |
| SHA512 | 08e0fc3a35b6bbaab079ad7170b5f5d64ef88d5b4af681747d99547bc884fafdfbb54c238e0a6d9c89c1403f9f75d2f66b36acc6a9ab8742ec7b7b2d2060b4f8 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\winupdate.reg
| MD5 | 9bad97ae7f640e56717304a068504ef6 |
| SHA1 | 2fd3fffeee98b90597cb650298732391739ed374 |
| SHA256 | 6ac6ec6b68cdb64086e404df7c109d2dceb8af21965141fb45f428e83ff192f1 |
| SHA512 | 4ba567e480dc2bca1cf682f212e6ff1fe75a1f108ce72d70aca6f25ed4d5b4a76c928920862d2c4572b11916abaa83886c18e4f1df1e6556890cdaa84c11a478 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\b.exe
| MD5 | 404f9af788af52e74bf0f55edcd92b87 |
| SHA1 | 17f4becaccaf6868bf5783caf7f88b1b6dc13a32 |
| SHA256 | db842ba93967f1637597713b9a0a20c4c98d12bf0556413cba26a3f7379b03e0 |
| SHA512 | e108ccbe0bf99478e1b6bd22bd208af8f90378e0e4db2aebe7d5b03dd5e8f679d2eb7e1649779753390a44a204f74a3a1a1f5572f3a77760f5bf62052b2da1ae |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\fb.exe
| MD5 | fa7cd30068f56e079841e36d16bce5c4 |
| SHA1 | 49237ab087b28847eb1a01eb699ee99093df6afa |
| SHA256 | c62d2a4ac688ed3972dbb663d2d54c996895d9a3efc4eacc21eb9e2cf02e7cb9 |
| SHA512 | a10534f16a2f0b6d0ace630d7b391a37c7fd7d6dd9e98245d5ec6aaf83935046732cadfc21133e0f2b484c1ca0959e16ce8e6f70e15278fd4d39a4950f03611f |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ping.cmd
| MD5 | 6af387fe39e874c82157ca8aba697458 |
| SHA1 | ea9487f8f1c3d19be955a78a909911aac566ef2b |
| SHA256 | fe38147b0ea25ace8e7397075fb827ba0f9e7d17e207800ea3e5f875913aaa9d |
| SHA512 | 7b03f3cf898b359c9c4ac5ad86949732627257ce39326332d8702fa99072d2c620d6d82f5d9f81e29adb9cb252d24904839dc470c5c764cfacfdf963e7121799 |
memory/4556-58-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ucrtbased.dll
| MD5 | c3130cfb00549a5a92da60e7f79f5fc9 |
| SHA1 | 56c2e8fb1af609525b0f732bb67b806bddab3752 |
| SHA256 | eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8 |
| SHA512 | 29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\vcruntime140d.dll
| MD5 | ee7fbf8768a87ea64ad4890540ce48f9 |
| SHA1 | bcbc1ebd5a592c2df216d3211f309a79f9cd8a9b |
| SHA256 | 03eafdf65d672994e592b8acc8a1276ccae1218a5cb9685b9aa6a5ffe1a855fe |
| SHA512 | 0cbf346d46b5c0b09c1f3fb4837c8df662bf0c69de8c4ae292b994ec156c91b78dbaad733226d765b1ca3ee1695566dc90bf85086e438fa15b9eb32058abce80 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\e.exe
| MD5 | c085484b593c7089907af551de309a05 |
| SHA1 | f503ae9f559fd76073578686d2193a6956747fea |
| SHA256 | b78b116d79d8f9613510dbde5aa4a8ca59913ee32df540d06defa214489972d2 |
| SHA512 | 72b458179362a1bb2888213736e5731d0bafe094feaac11a44e78f7a5ed60a4d6f275aa32bbce41950852a31bc55ce19266f26cd3e66bec9f35dc5aafe97fba1 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\flash.exe
| MD5 | 9254ca1da9ff8ad492ca5fa06ca181c6 |
| SHA1 | 70fa62e6232eae52467d29cf1c1dacb8a7aeab90 |
| SHA256 | 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6 |
| SHA512 | a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\i.exe
| MD5 | cea5426da515d43c88132a133f83ce68 |
| SHA1 | 0c224d0bb777f1e3b186fdf58cc82860d96805cc |
| SHA256 | 2be7a0865ded1c0bd1f92d5e09bb7b37a9e36a40487a687e0359c93878611a78 |
| SHA512 | 4c1f25147222c84dff513bebf00e828719454ad634ef9380cfc7835f0457a718b4b437ecb60c1fa72a7f83fbb67e1ddfcd225194eedda77034c72f8c752c642c |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk.exe
| MD5 | cea26a633f1f3fd621382dad166466d8 |
| SHA1 | 82d4d90bb6782b0c72deec431a3377e30d34c3e8 |
| SHA256 | 00e030cb6b6f2fb7b3636f500f60492765363a661e4d7317278c0bbed5689441 |
| SHA512 | 5244a41121002f8e6c7082d0e4114d74a4fe527b9585adc751bf8d590860057eaf9129bd1dfc070c630f19ef4eac1fb4bcfc25675608fb007b3699c963b0176a |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\copypastel.cmd
| MD5 | 22276a82790d962885ed81f4afaa12e3 |
| SHA1 | fbd254c68e04eae009e4bdf718332d01c18087c7 |
| SHA256 | 8e0bcb5e46f121e9389c5312b4028b7a951e3d695365dc45884a5b756405b61f |
| SHA512 | c089f5388b18753200c7c83a63b7507a5ed608e6e3a8334fe4b92c7d86c20c14adfef950c43c52c1b570a3fe5a8b0583856511543ef1a863bdf0fcafa02222b0 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\RecycleBin\desktop.ini
| MD5 | 0b95bbe6e14257a6af62cf912ac723dc |
| SHA1 | 7995e2b5fb5c2c758161e04000bc8af4e1294374 |
| SHA256 | 3ecbc30bfba5ba7ad0d335aefa251e4efcdc3c7d7919ac55600fd40147b91062 |
| SHA512 | 1c5ef8250d01d1b9ef41529071610a671f228996e0dec1efd6b1eeb1e5ca02fe684ed9857a9958e32b40470561f042709c7f43b8bae36379131737f39cfb7bd1 |
memory/4556-74-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp
memory/4072-94-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g.exe
| MD5 | ea64d01d756080b86e8e5af63ed6eb50 |
| SHA1 | 008634fbd4cd348165dbe540ea529f27bd39e5c0 |
| SHA256 | 35fc36cdd77b1eae66fd02fec2f47cf06841365f6ab66160ed8cf522d71355f7 |
| SHA512 | 7e7046017eb32e804fb213070997ef228a12426e0f157e959a97a4e27f816eb66b365850cc18ae8573519623db354740d7c008c09734f404d31775e79ead2bb0 |
memory/3908-101-0x00007FF65EA70000-0x00007FF65EA96000-memory.dmp
memory/1472-188-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/3308-225-0x00000000744FE000-0x00000000744FF000-memory.dmp
memory/3308-258-0x00000000744F0000-0x0000000074CA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\t.exe
| MD5 | 9e0c60453cdea093fa4c6762f9b1fda9 |
| SHA1 | 02dfa74e42739c4e8a9a0534273f6a89b51f1dd3 |
| SHA256 | 269c6da90935306778f4f76005d1f00b49703f8819b60e2764cc14a5abc9a781 |
| SHA512 | fc499cb6b98529c7a856c9ec7198f2a6d00d0c0d6b16e826913ab8dca2602f6700e3956749d3316484b94e6867f54cf99aa77f23375ea6c5ea75daa88c91aa96 |
memory/2336-311-0x00007FF7D6150000-0x00007FF7D6177000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\boohoo.cmd
| MD5 | d53097e0265a7589f56bfd43c2ab92d6 |
| SHA1 | c5cefc1eed9bd1eff1c32aca735af24135a1bd99 |
| SHA256 | 28ef22b5677f5523a8852966999f2e1decd7ccf21d14e65dea0d168d460b450c |
| SHA512 | 9222dab4590a7d954b8852b3ac22d7bb30c6d4b563ba02003e95d30c16811048961ef757e5ad5ffe5a1c401509c16e99737215a5620702fb47fe217ea0f69445 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr1.vbs
| MD5 | 781df8e151e1d1bb97b691bc81a2619a |
| SHA1 | cdd28747902e08da1656bb764d4d06f773c0eb2b |
| SHA256 | 754bc078439d3b70d46b1a3482d1f359757dd5937d5f1874754f4c8128a6f0da |
| SHA512 | b7368b8c44a826c769d8a79b4ed2c6eab82acbc965ea52c85f60bfdfe125a60285df5e35587700ba22829d26295d11a9b2d9f959ca974d3520274937a3383bd4 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\causeErr2.vbs
| MD5 | d86806b3929e8deb8ab3af50ff31983a |
| SHA1 | f038800743d28f70962acda6281bbdc5a5f0fca4 |
| SHA256 | 18ff5d475bb345af4c5390ff5ab5cc0fae2dd1da9e00c7a2d169463c79d9a6ab |
| SHA512 | 642d2c2a7c506e4bb8f61d4235fa5b0f411bd43e4cc0c4ab758a292c1fd684533ad1bf89a18b0013383f311095057670fe8ea3b9d0eb5f5a115492041e6d98a5 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk2.exe
| MD5 | 4fa84323d9988c8ce77d9f3eee327808 |
| SHA1 | 5b475529847b707791b18e621337bee880ee9dc6 |
| SHA256 | e7dd38f8d0126e13b8d86659f62bda9aa9b50ac6451b1d5c4dab445385757b89 |
| SHA512 | 4154063d92c06c7789359f416a6754c8edbbd08e58633c487a5826c614411a40038d01c65b94b49189d8a4689e25f0b0595a9be662e953bd8fec434a6f02d2f5 |
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\sk3.exe
| MD5 | 4dd87b1eb9e6ab5cadafa876917f34aa |
| SHA1 | e46c529797a14acd0dc135ccf0b0144acc53e53b |
| SHA256 | 57509b4f3ec7b6aa07c4a42ad140d6d1a754a267d53b6fc539fa73c24da792c3 |
| SHA512 | 55cc6467b1786d08c12a41db5d205774a489b4522965932a126d1bf1a628f72129a843c380272f01bfe68e861ed829dffa537bd4527d0fdbe2ff8c9188ca9515 |
memory/7340-342-0x00007FF69E880000-0x00007FF69E8A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\g_.exe
| MD5 | 3cb72c753dd5e198792d1e0be81f7e2b |
| SHA1 | 8a55b72a998bf8362a12f68ee8c4801a5a24754c |
| SHA256 | be9d8772b360ca8054929e5f057413b69932ca8e521e6c696e0fb6b371e8cb97 |
| SHA512 | 008ed2e26fb4f41e9bb245130cc8f285744ccf737adeffc4c78cb11c03261f906cfd50b5b9e78f2c17dc2b8a01d83554e93f4960370064af87e84322cc78ee70 |
memory/2024-370-0x00007FF736E60000-0x00007FF736E89000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Melted_0693a93f-1a13-41fd-b2ac-39b77aa5d175\ending.vbs
| MD5 | 774cada5baf571a414c25e2ae8931762 |
| SHA1 | 6ae662e045bff78ec42cc58329288c7578e860d6 |
| SHA256 | 88d3fb6210f75a39337920ecbccfd0af4e4a5b9e7bf4a3bcd5366346bf7e66b6 |
| SHA512 | 183e44ac3c9be05e49bd6ddc58a4cc2a5d8517fccc8a1c2615b4b91c288beb410dea03ab79b2dc40a71036955e39afb47431900610905c3d2bb07eb1261c8845 |
memory/1472-398-0x0000000000400000-0x00000000004A4000-memory.dmp
memory/3008-437-0x00007FF736E60000-0x00007FF736E89000-memory.dmp
memory/3308-613-0x00000000744F0000-0x0000000074CA0000-memory.dmp
memory/2024-614-0x00007FF736E60000-0x00007FF736E89000-memory.dmp
memory/3008-616-0x00007FF736E60000-0x00007FF736E89000-memory.dmp