Malware Analysis Report

2025-08-05 14:55

Sample ID 250704-vzdn8axk13
Target 46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088
SHA256 46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088

Threat Level: Shows suspicious behavior

The file 46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

Executes dropped EXE

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Runs net.exe

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 17:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 17:25

Reported

2025-07-04 17:27

Platform

win10v2004-20250502-en

Max time kernel

149s

Max time network

147s

Command Line

C:\Windows\Explorer.EXE

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows Defender\fr-FR\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ru-ru\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\he-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\he-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\WidevineCdm\_platform_specific\win_x64\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\EBWebView\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ky\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pl-pl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ro-ro\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\logger\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\Java\Java Update\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\dtplugin\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Photo Viewer\uk-UA\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Trust Protection Lists\Mu\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\WidevineCdm\_platform_specific\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Extensions\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Trust Protection Lists\Sigma\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\MSBuild\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kab\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\si\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1588 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 1588 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\Logo1_.exe
PID 4728 wrote to memory of 2672 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2672 wrote to memory of 3112 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 1896 wrote to memory of 3796 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 3796 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 2136 wrote to memory of 1892 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 1892 wrote to memory of 4040 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4040 wrote to memory of 4700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 4700 wrote to memory of 4828 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4728 wrote to memory of 3472 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 4828 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 4636 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4676 wrote to memory of 5544 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 5544 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 1128 wrote to memory of 4788 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 4788 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4748 wrote to memory of 4956 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 4956 wrote to memory of 5928 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 5928 wrote to memory of 2280 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 2280 wrote to memory of 6128 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 6128 wrote to memory of 2220 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a40A3.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a421A.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a43EE.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a46DC.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4892.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4A57.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4C4B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4E3F.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a516C.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5275.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5505.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a56DA.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a58FD.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5AC2.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5CC6.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5ED9.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a61D7.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a62D1.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a660D.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6801.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6968.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B9B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C47.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6D31.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DDD.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6E5A.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6ED7.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F35.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6FB2.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a701F.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a707D.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"


C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB3EE.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB47B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB4E8.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB556.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB5A4.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB611.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB68E.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB6FC.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB788.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB7F6.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB853.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB8D0.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB91E.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB97C.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB9DA.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA28.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA67.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAB5.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB12.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB61.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBBAF.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBBFD.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC5B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCA9.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD26.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD74.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBDC2.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE4F.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBEDB.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF49.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBFA6.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC014.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC091.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0EE.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

memory/1588-0-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Windows\Logo1_.exe

MD5 4f07b7c07db3deeaef154a2f2c9646b0
SHA1 6ada698575fd2ce3b8041f85d04dad5bd846a03f
SHA256 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c
SHA512 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90

memory/4728-8-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1588-11-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a40A3.bat

MD5 13ff28c7cf16bf1a385e9a15a4277190
SHA1 95d564f720b0c27ee84ac7371821afdf6f21a917
SHA256 8c4d845ddc69ceac6d4adbf5908f0779139c5fb33a0891cab39bd336187dacca
SHA512 10073d41deb2347e37909d68eb1e9e102f5a7d004176f18e05e0aa455efccff35904f50ef4a5c061e0a9b25a1d20f67e3a0c205d88aaad8846071bb8609cee65

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 b82d96f76f08c76a1196291d50f8f75a
SHA1 fdc9895f995a4f994b4490f9f1a1b14b52468d23
SHA256 394144fe33d667b4a69f86d92f3e4f6dc6791a1e0a1f6feb4c4764ba1ffb99c9
SHA512 8c7dbb951ca675a50dcf98430b2d6eda385745f682a196ab91f25a00223e46352413a6bd434687a81af09c6e6cef0b584b3e47d4256862846deda0e10ad4afc3

memory/3796-20-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a421A.bat

MD5 49ce6e8c0637511d456b6390b5e68358
SHA1 0f9fb7e4b4de96b5a55d565545b8d59feafa3755
SHA256 0e76b80ddf1118cb4e745a9170df23bcb5acc0f2bd33854bcee3e56ccfff7926
SHA512 e6fb488411594ea64fa672cfaf4d04925781b748d1c893fe13ddf121d8708a3505e9fb4ef3fc6defe92d32f25be7b28946115c0aa5694e4b987c737a75627d4e

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 48d2bd4a1ad8a25e4ce2e27a24c4b0ad
SHA1 ba1fb34bbdf31fc6c2e5ae3b44a024c557a7d4c6
SHA256 c959502d180bdb7cb8583ec4d72bcd582bc14bee145a00e43206b43bf3875172
SHA512 f11d34868b0b6ac1251b23ee80ac2a92ea8e711dde9a8d096f0569d46e1e0b35ad4fef44d968dfdcbc430defe9d3a829c3442633d3f35258e3f2d3a8f9f0d670

memory/1892-27-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a43EE.bat

MD5 eb8df3d7f834e96635cad7193c89b639
SHA1 50de78bd584ffd43e13e45e66eba4b52fd608f7d
SHA256 b338ef099866d1432247c8b1650d35fa341a86ac2a03bb9002e339d7f2c8e37f
SHA512 0dd36e981402bc2e12d2e3d54af3de2f80cf6389af30c8072ed0b480c16050ccc89456662c9d63f3a40f44d23389cf6ae50c81fed7fd0ee22e77f3b4c0f3999c

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 3877be739c56deddb4eb1881aec2dcf1
SHA1 538ae3fb32f174b4a1ac49b5b7498062105cb97a
SHA256 5112757c58263bbfc0f8bdf5a835f101ecec99fa125367d717aafdf47ee453bc
SHA512 4511deac9ce255332ef791cec49da88980d99bd562437e418606feac5605b18508358da8f78d59e17f9013fe0760ce3e92013034c9cbcaf0c76b2e9e33f8e56c

memory/4700-36-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a46DC.bat

MD5 1c6bb53c04d26c0989d6095a73f795b0
SHA1 3b0ead03cf3a66db65bb2eb9b951ebefd2f7865d
SHA256 73af1f14e2f5c04b0d70bff247637d02f57b3494e941d85d41671a8a5fd075e3
SHA512 fc7a01a1a531da7f843b820ee4f7662e05925d452592da2b33c634fa6f42998f025e96a12dc5e85d3ae7f8153a0ab91ab9d898c6a6a5924e3a9d2e93d5e7b7dd

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 812ece06733009a82bf6408985929fba
SHA1 87c8591fb9987b13002b5c120e09ccdac311f3ad
SHA256 ee552dc7fbe9bc0578a51d19059c17277c0b35ebba26483b507537f626de16df
SHA512 97be453c59be0d37226dccacfa16e3b5ebeda2c59c3dbda3243ab537d23b85a0372bf5688de891ac74bca332ec4f73b393515bbe2c13d7ff0c37f74ba8581677

memory/4636-44-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a4892.bat

MD5 7c2d2365c1fd628c37f452892c6f1276
SHA1 31cd3b6ab8d23fcf0b67291700450aabbee279a1
SHA256 558262330c457088c030773bcaacb35266cb1aedc8dc43e85f476ad7cbcdac0a
SHA512 2fa8742423be7a666f36b736a9ccc70bc3ab91b75d8d3e99884935a40c7eef24a8b882781d213186a0196bb55808ccccd961deade6a2cf522be836d393b06bb4

F:\$RECYCLE.BIN\S-1-5-21-1153236273-2212388449-1493869963-1000\_desktop.ini

MD5 6ef23bccadc81fb82d7eeecab7166eed
SHA1 379fb55375f791483209d02402c6c359fe6afc12
SHA256 da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a
SHA512 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 1dae950688a0388d44755bd325f3b26d
SHA1 a16dcd5c2c9ca5e7a5e8bc252d45cfa31b13899f
SHA256 529b13158d64c6e0411e318831993b908017105a70ff69d7338b81ee72c23999
SHA512 52ecbd477358d513b3c9900387ca8560dff6476ac51347d71f67dc140eb4c11298fd9848a3ed9217a676c896e0b11d02dc9e1402799e4230f337e236dde258b2

memory/5544-57-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a4A57.bat

MD5 cf1a8d90552d160a0d2c8f9c9a642f78
SHA1 0236aab23b4cf20e006d1d5b926e0ca246d1f181
SHA256 76579ea5d27f01063e893d31e76918e9a334827120d3a1d8140618be65fca9c6
SHA512 6770e2121678374898a7c4cf82987b47ae2e8d34b09ff70db29bb53fc2be4f21586186938c9879017b99791ba436559e2c40cb5a465e57b578b4f49c2df8a972

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 a2778cca8aac0d851850163b266dcb83
SHA1 621d3ca4af2ffd706ddc75a20da1bd8220496c81
SHA256 61c330ed6a66c9f01eee7ec82bc803f35de11ee189eb0154beafacc1b26baacf
SHA512 84b58a779f1db978a279440d6b2986fb89aa89f8e0f22ddb0767096d7542fe0a176b5dc262c796f55a81fb2e83e82cf9f55b3070cfd90d7636c9fb036bb0d583

C:\Users\Admin\AppData\Local\Temp\$$a4C4B.bat

MD5 132f9f8ea8d235cbe1893ec4f10f53aa
SHA1 6e50b77e227912c3196c8e2b8342858f102175a2
SHA256 5f0204e06178dedd6961f6b2e79a8a324366963413b13aad23d1f4514b68fcbc
SHA512 e0613b92298389c22da79f50f1aec86282bdf66d352b4eab9684743ae2f613f0c41a8971c1f7dc038daafdabe51e09e3abf9832a13ebead4c0f64cb53b21a402

memory/4788-64-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 30c88578daeea32c5a9193f659a8e9d6
SHA1 f2399d1f19d5aac28ab3396cc2e60f069734abd2
SHA256 de99ee0a80b839cb114b209ce66dbe7138332206459b976e80d56c5a7d548282
SHA512 1dea150aa85a1835c683553bd4270ceee8578fa13200bfcdace8456be125a01315441775a0c06c432bc12c66c6bf9f7956187dc9617b538b322869e3a431da0f

memory/4956-75-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a4E3F.bat

MD5 9fd16cd2315a1f8e25e30a6f847adae1
SHA1 1a4fb816be95d36a696f1ecdd8a2f4cb7e92ceca
SHA256 acc20e9fbed4a99828d8ecca26a13b70409069961f5546f1b11b226750ee5234
SHA512 a3895efe101ed83fa3faae48582a38e119e46ded8ca3b6a0ce7dc3e083473c2841a93f6297fbd24db7d4439878c54ea296686b1410c2a1d2a0e16b065d113331

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 f0d0c4f1cd44bef920faaca002031a48
SHA1 01156004c0dfafa5fe1090a31d82bc41db570030
SHA256 1a672282612bf22732e9ee76da3c2948638a356cf7f2ca680e5c55f68d956010
SHA512 dc4d6305e3e317785394d8f2e8436a238a70685fb05c144d04810f7ebfedc22c9efbbd147f004974750b73a18d3aa6fdc4e05a259c81a0a6770495d2f108dc23

memory/2280-82-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a516C.bat

MD5 941ef4175d835661fec0562a71971209
SHA1 6a99c434b178b7b38de7bdb81861ef82ac2d07b6
SHA256 9f2245ab0c0cbb95f7e1aaa61b82a2856ad609268dc81b864fbd4b4cd6925e71
SHA512 feede398985d35f76848fcf924e24459be1e76c59a13894091e5c5f17d7fad5f744fdcee882e42553dcfdd768ec2f1cf322d4df8ac0982e8f5c4e3d83a30520f

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 7479252108e618e6b64d55bb24233a2a
SHA1 6572ce58440f6fa531c381ed19b04b443331c35c
SHA256 03c83306d7b3490aa96d3fb2d78b864474684ff26077515f84b2fcaae29b7adf
SHA512 51360f6cf656220fd83fa64ccc603661d30e13c47386f7126cd1ca6d6e8a9f1550d0b51e36bb5ccadb93911820b57da871960678e354b3af30168f1ea84abb1c

memory/2220-91-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a5275.bat

MD5 d63662eba947c0a79016a31ccb1c056f
SHA1 c2b564ad7fbef88af9390038c7a65011573443b8
SHA256 0046bfe42b36c3a3680f46e9209bf48cdc61ec9d70bc5e9ac08d9db1b96b58a1
SHA512 a08f8a6883d0d106669e2c1d3c83a4ecdebf0a576f2552ab178f03c660565c9e9a96757b4b4cda4d2e882da3b91af09cfc26d70d14e65bcf58b7871c87f4b28d

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 626a75e9ce00ae5cbfbc134159117a51
SHA1 c1eb205592c73f8ccfcab169ea9aedf3fd671834
SHA256 09f6b32613eaabc5dc57c3712152ac10e4646f8b24587b44410a3b7303e2c1c5
SHA512 5848b65734a26c33343974027a6925ed14b7147f89f1b2ea8af72b963955efe128431e533090b57300e38e4cb62f806e029deef14bc0121881d5c4733e86019a

memory/4728-95-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2192-99-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a5505.bat

MD5 58317a88b6ebade24f71fc7978b235ca
SHA1 1013ff8bb98debe85dd9b9af4d4d7eee0d85c430
SHA256 21d563fc185e96158fb77e17acfdb83484d198e2011d400d6dcd459ae170d5db
SHA512 f4316aeebbc65d55411707b51ac6f25713acf77415141772d80d9879efab5aa6a10a4a7d4ef1562e8acdbf81f1f41acad7ab107b39e211fd389c6240ba185eb4

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 98af4cc4cab8eeb602c7c44a4fb52ff8
SHA1 0bbdc7c05666aaa912a43e442001b207e75420ec
SHA256 fa7550063d9ad22b5670e65cef1b371bea442b6fb9f0349e3eaf18a6f7c8757f
SHA512 7e923673108c41b89bceabb28c9690681a1e2490f92142237bff0ccda747c218b864d77c4603701d522218e1eec9286e1cf6c1a64df9351e5b28c2a384d56b3a

memory/4768-108-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a56DA.bat

MD5 a352cc5d9041ce17334837c6dcd24805
SHA1 6cba066dd0906d7656d51db3979cb79bef0e440d
SHA256 69d6a7052bca242022557ba5e4def6e60a19bfdc64f60da195672a058b041646
SHA512 136f331ac8e418c7fdfe374bef2c701889cbc1ecc1a272651d6cb9917c545dc81647a15e397ba56bc343b151c49cdf7a193d7e81e144aac8fdbcce3b39150dcf

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 712e2bec8ac9946db54a25f10d5c8374
SHA1 76ef8d406b050050aab52c32b2e266035563ec05
SHA256 f3d3769c2c78bcc86184e504014d1be84454002b0df55d4efdf200945c45de18
SHA512 f22630899755c13a28d2a26b1dbc7b2426a83c3478ccaa0e1aef6edc08640a66d9bbc32567c01d521316d73300d5fba1747dcd2659af7635d3a6f8d3c327837d

memory/2696-115-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a58FD.bat

MD5 ea013bc87659d3c1d441390943657074
SHA1 c1becd77cde352db59687a22f6a04db9a07564ad
SHA256 5469539b4fa3685d3147b63c1ee57755faf23360495afa4b9723cf1557410f41
SHA512 eade566facd18f19b5ba1dcaf4e471a3359af13c1c69bd5ccaf6ba3ca4b9f180c9153dde01af738ffc46c642e135c83ae043fafc9a5cae9c267cad634035a71a

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 b71c3eb6f3c83fa02d1b2bd61a8638f9
SHA1 02d531d552cc430e030e6cbe055e69a0a5131556
SHA256 132a6ff2f3a6c985d106bcebf630c52dbeed9793e859cba6ac1449b904da5f6b
SHA512 63e745f996ccd4b73e9f2b6facc10024bc8511f4ae62c77ab4b27e85efe4915be296d24df2df1e856dd1e0b20c37a74ca539915f713e9e893ce239911e29d7a2

memory/876-124-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a5AC2.bat

MD5 c1b24c344101dd3183db7082013441d6
SHA1 23b8df5c236820148fcb1bae8b42f4f6aeb279fc
SHA256 5ba30e8cb49c552559d36b6945802b88c39c865584b57f1eace9adfe1aa60c8b
SHA512 fb7dcf967f53e65aeabb23b15e791bc0b3d80f7d789da8f5f64d32552165bc931004694534ed33af2f158af98eea23275a81d6ad6d395c912c51ea0195c74aea

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 f1694a82989c2861c4c5a55337bc0e0e
SHA1 abad8935086f9852ae48d9a3845d3641ea33060a
SHA256 579f97be067b8616d77d113794e3e27d97d3d790ff1cc3568d4e4221f1eb60ba
SHA512 4059e1900f30702fd25e12d8259a5554172e5aaee9b5f4ab8843333f95f57ca109b37ec998c5fe75ff23f655e0d465c356e9ff953742c4edfd418043fc682b0c

memory/1924-131-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a5CC6.bat

MD5 0bd19b86b93dce1341cec3a134fda786
SHA1 23ec7b658a3dc398d4ad74d4b482a2136e863628
SHA256 8d080b6b3d2901f08a6792881a1c82252432ff7b38dcdd5b4b1a98761f95c4d8
SHA512 5cd077b44f79cc3f30a7ed6e9e47ca67dd2499e9fddd737bbaf491ac1d91bebaaf68c8da43fdd7a6ba5734350be24e529103d5d03a1cd21cbbffc0350537f3eb

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 e23da2792abac3f891601e3e3e00b937
SHA1 8f3cb2f7291b8a387b9c4994b8fb983adf456384
SHA256 75502e2259f333be9c103d3f1217fa33fea2add597e975ebbcb598f509af3108
SHA512 f6e22c68054eabd45877879677358e1ca282bb6286c00c9efb4d1ad086f6a936729477a94583d3a4591d8b8d5367ea921e63471b108495cbec648cfe3b05b2b3

memory/3228-312-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a5ED9.bat

MD5 8ef1f6165421083123dbd60acdffbf9d
SHA1 d855b662edc6a64c9edf1cd23cdd24d4393dac4f
SHA256 f9083459e8963a5c9b294110e86e9b9b7e795a8683b222fa2e220ce27831ed93
SHA512 6c498ded9f0ad6ef6b78255a3b61046e164054dd36c4c24c02cb7991cf26a4af5537b64010f84591e9de79c9ab5d44a78caded8bed5929dc4169295c1166f33e

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 96578f82f2860864b10e1d320304b1fd
SHA1 8e5650f9baa771441e6567190e692c46ee38c051
SHA256 f709c06be1a41a260d31e754ac97418b3b836d5af8dde4c853088e24ffcead36
SHA512 5da4c9e7f6886cafa91e2f8767131054e0a6f841c5d8cb006e619ad3315cd6d436037b5dc8eabb3eea58a3c211371d51130185f2121b1f4c6dc61b1d90399661

memory/2080-428-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a61D7.bat

MD5 46ae9da7326b1f1c35ba9c5a93ae4d6c
SHA1 5fac1c298ac412d120ec6805b908305b30c85369
SHA256 e6b36aa1f10734fb3db6914fd1ecd4a5822c61dcb41acf84ac7de7fdd77d3d67
SHA512 f4651577d26e59cb6fa0ddee596958a3912b094f3b47d828e1f559af8ea4e61c21a0dbefa6def6a7e67afed7b680f429f60166d299d100cac3b53e3b34957a7f

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 82331f7ccd0d087f67a00f3ecd68f4fb
SHA1 17630caf9a895f09e30cebf21a15d9238b1fa364
SHA256 b09de5b846b29080eee0590f73c6c497bd0adad1d274f0b0b87d77b283181675
SHA512 c01badcd9c911554dc92c6748a1e082e488373fbc716f920cb8f06125af3220d50b3791186b22dc83e09f137a786445b64fbc5294984114c0ed218282c0f5fa7

memory/4816-547-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a62D1.bat

MD5 bd62fd5dca4c443b6af473ef8f5bbe53
SHA1 a83493f227f1412668322c0c53e2f749274f4560
SHA256 9b3d1b78d08e0fd313b32e29a02ce19157cfaed0d3b8d11e644e33e45e511696
SHA512 a40995465767db4beb9bd4327b75a6062d4ed666076c886317eff71d21d0a19d47b75e0bc63d67578347d1a730ea86eda737a96e11e80efc3567263bbbea1e08

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 30beceae923ccf13c67895383e3514cc
SHA1 9008cdb23a5530e3dd8ab36cc4a9126de74e0c5f
SHA256 d5510b187fc5d5a2f60e4d59f5679c9bb47fdd19b76d018a14ddfd9829055534
SHA512 a215f65740ea08be29e01400f1bbe159020af037fede4722a7fabc44b050c6e486c60813a5df58e85357dc39d893dcb656a5767d1cf472cf618581755787f017

memory/3964-919-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a660D.bat

MD5 5c0b8d6fd3d217617177553242552072
SHA1 0fbe47693c2836bb522d8d8d964c2c3cf61dc2d8
SHA256 8945ae642e37aff65735b39505d4a37a8122a482e28b5b30884bace71b072b2d
SHA512 11e603ef91ef3a25d7314f3ce60a4eb1c65f153705f0a87b44b2b8e475b2d98ec6a296eb6b852237258ce877f56b9f74c6c8a13b9dff288fcc686c647e2d951b

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 331bd202f74befbd0c5498a9273fd181
SHA1 3e25abf4e5f885409f1c5547ccfe628166b1bb89
SHA256 9479223eb01ded61fb4542d716dadd91afd1d49bab3bb1754b10d95419990294
SHA512 8a9adb7916f614f541866f4b27f32de9a30d76e67311bbbd42fbc2767e52249ff7a73639404643a2925d480dde3a7b7dbf74c4caab252bf9ad8a560bba433abf

memory/2512-1068-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a6801.bat

MD5 4fe23dbf310ef98c200dea6ab75c674d
SHA1 9611ba46844db55d5a91c647194e4660e0d07aa8
SHA256 aa1044ba487cee9e844c77bfbf83002f47678680efc3b675513e187150862531
SHA512 ba57f96282f0415313460f726e22ff73b15f39e8eb269ad57c11fbd13bd0e7b15bf7bd09aead91090bf9a7f1494df7231b6a4e197b05e683c9e40658f110792d

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 97cce83ed2d0b9b0687577b5afeec06b
SHA1 c2b8f86ce468d5fc4cd63c154253b70d0af04803
SHA256 1e2a0f716bb6e22d9770b3f202cd0eacd65f95a659bcf144bee1f5a70223d88d
SHA512 dbe1589c5e84130cfad9b7b8d6d6e59f214ad0a4a8ea8b7823b9f03a67301962a34f547a21f6b77a36b706e3bcda004e03138f472299a50210cbd2de1a913fc2

memory/4728-1214-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4740-1250-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a6968.bat

MD5 98cacc38314e9d862ab727c635cabc0c
SHA1 02fed25ec2ad86685ba9dea4e82fba4b0a6eaec6
SHA256 6abdcc6ee5b937ca913238f75aa553d49259fff77c7156ea5f4008a3df78910a
SHA512 a766b9e63b8b1694be4f905597db811811783bd0cdf4e8f0016c9fa36273ba7df5ed18b0e1fbd36fa84a2dd4b1f74a47473f9ab779e815a89a31b2db41439b82


Analysis: behavioral2

Detonation Overview

Submitted

2025-07-04 17:25

Reported

2025-07-04 17:27

Platform

win11-20250619-en

Max time kernel

149s

Max time network

103s

Command Line

C:\Windows\Explorer.EXE

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\zh-Hans\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ru-ru\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\885E2137-A6C8-43EF-AEC0-ECE2AB6B37A9\root\vfs\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\br\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\es-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\en-gb\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\es-ES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\pt-br\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Media Player\Visualizations\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Windows Sidebar\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kab\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\uk-ua\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\win10\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\Dll.dll C:\Windows\Logo1_.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Logo1_.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5296 wrote to memory of 5808 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 5296 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\Logo1_.exe
PID 3544 wrote to memory of 2152 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2152 wrote to memory of 1776 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5808 wrote to memory of 1064 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 1064 wrote to memory of 5916 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 5916 wrote to memory of 5128 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 5128 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4720 wrote to memory of 3396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 3396 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 3544 wrote to memory of 3324 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 4992 wrote to memory of 5080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 5080 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4380 wrote to memory of 5124 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 5124 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 804 wrote to memory of 1012 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 1012 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 884 wrote to memory of 3696 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 3696 wrote to memory of 4832 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4832 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe
PID 4716 wrote to memory of 4920 N/A C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe C:\Windows\SysWOW64\cmd.exe
PID 4920 wrote to memory of 5340 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8FAD.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9114.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a92DA.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a95F6.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a96B2.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9858.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE1B5.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE232.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE29F.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE31C.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE37A.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE3D8.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE426.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE484.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE4E2.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE530.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE57E.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE5DC.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE649.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE6B6.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE6F5.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE743.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE791.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE7DF.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE83D.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE8AA.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE8F8.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE956.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE9B4.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEA21.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEA7F.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEADD.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEB3B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEB89.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEBF6.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEC44.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEC92.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aECE0.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aED3E.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEDBB.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEE09.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEE67.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEEB5.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEF23.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEF61.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEFAF.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEFFD.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF04B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF09A.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF107.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF145.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF184.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF1E2.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF220.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF28E.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF2DC.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF31A.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF368.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF3E5.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF433.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF482.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF4D0.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF53D.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF58B.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF5CA.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF647.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF685.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF6D3.bat

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe

"C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe"

Network

Files


memory/5316-128-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 e23da2792abac3f891601e3e3e00b937
SHA1 8f3cb2f7291b8a387b9c4994b8fb983adf456384
SHA256 75502e2259f333be9c103d3f1217fa33fea2add597e975ebbcb598f509af3108
SHA512 f6e22c68054eabd45877879677358e1ca282bb6286c00c9efb4d1ad086f6a936729477a94583d3a4591d8b8d5367ea921e63471b108495cbec648cfe3b05b2b3

C:\Users\Admin\AppData\Local\Temp\$$aA671.bat

MD5 f7a7d3e303f84a6591b8973756c8248d
SHA1 6db31cfd9c8649310a0b215fecacef97267d91e8
SHA256 00344948631c747727c0774643743c7531140caf31383dd9d6050b85d572355d
SHA512 5f7045cde0e9e65bf7149807ff0a3f785b839e3d83f24a32396fb65e4fabec2e69ec788689fcd2b1e1f650e03cccf170cdd0f3cb5519dc6755f28ce752eb93d8

memory/752-135-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 96578f82f2860864b10e1d320304b1fd
SHA1 8e5650f9baa771441e6567190e692c46ee38c051
SHA256 f709c06be1a41a260d31e754ac97418b3b836d5af8dde4c853088e24ffcead36
SHA512 5da4c9e7f6886cafa91e2f8767131054e0a6f841c5d8cb006e619ad3315cd6d436037b5dc8eabb3eea58a3c211371d51130185f2121b1f4c6dc61b1d90399661

C:\Users\Admin\AppData\Local\Temp\$$aA7AA.bat

MD5 d8e4c402330ad46444083f0aae45a4cc
SHA1 0bd8c99529fbf05b90fa7efc2d344ba74c933461
SHA256 1b7ade53803523f86db1e545667a0287a0ef42e0679abc0e2ae9d5159fa2e341
SHA512 c7d31fd0be82444368b340de4ba5a2a1a5ea1cc579d0ea3c9dc39c23f757145192ef56481057e0b727e8ca0bc165584ef19b31729eb191208d5c4117c1febbc9

memory/4272-142-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 82331f7ccd0d087f67a00f3ecd68f4fb
SHA1 17630caf9a895f09e30cebf21a15d9238b1fa364
SHA256 b09de5b846b29080eee0590f73c6c497bd0adad1d274f0b0b87d77b283181675
SHA512 c01badcd9c911554dc92c6748a1e082e488373fbc716f920cb8f06125af3220d50b3791186b22dc83e09f137a786445b64fbc5294984114c0ed218282c0f5fa7

memory/5716-151-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aA8F2.bat

MD5 24491488916000b420be53835166952d
SHA1 e9f6f3d08c2a120292d570580d130662c664307b
SHA256 8d80cb70e2cc0476c55a553fb6046961605affeea628a9266cee55767ed8ce28
SHA512 2b97885d50f7b7f306dcbd7bec9da4516f6ceebd103be64cd6560cc513085b1c9f5e51b7a504cd16b9bd9797af1c1d7c62915dc5187a80b1b92fd0bfcf39bb11

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 30beceae923ccf13c67895383e3514cc
SHA1 9008cdb23a5530e3dd8ab36cc4a9126de74e0c5f
SHA256 d5510b187fc5d5a2f60e4d59f5679c9bb47fdd19b76d018a14ddfd9829055534
SHA512 a215f65740ea08be29e01400f1bbe159020af037fede4722a7fabc44b050c6e486c60813a5df58e85357dc39d893dcb656a5767d1cf472cf618581755787f017

memory/5256-158-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aAA59.bat

MD5 b8a76cb50ec4cd49edfea4cb2a6283c3
SHA1 9206629dafb3b9ecb27099b3ebee2770ad9a26fc
SHA256 5079994b5aa4ae43c184e3d4aaa26c280181ddddb483c475fe0b32bac9fca19c
SHA512 eb4c3b05a384f0aae337c950c880756d128a562b9db819050f5e1bfc923dfcd1f3436e2fbc348cb629174cec8aa165ef034828f7f81e7ccd94bfc3a166804a8b

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 331bd202f74befbd0c5498a9273fd181
SHA1 3e25abf4e5f885409f1c5547ccfe628166b1bb89
SHA256 9479223eb01ded61fb4542d716dadd91afd1d49bab3bb1754b10d95419990294
SHA512 8a9adb7916f614f541866f4b27f32de9a30d76e67311bbbd42fbc2767e52249ff7a73639404643a2925d480dde3a7b7dbf74c4caab252bf9ad8a560bba433abf

memory/2504-165-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aABA1.bat

MD5 6d5fb26bac7fa6dc7a0e36b76748c6d8
SHA1 df5f241a90e8c80a4cbd6087b38767af39bd1232
SHA256 763eae00b4c259036b95d7d20c995e7ccc6e18c8edc3e43da2b923f84023303b
SHA512 9c47d9f4910edcc33dd85d613eef760344526310b68a446700c97533034e22767d26c907c7e5f16dd2c91650566ed27a046137df26c1f67575d43b67058f4fe2

C:\Users\Admin\AppData\Local\Temp\46152a7989c566f20f7f6dbe0d7ab7fab07ba1da1390dee99a3b044307ffe088.exe.exe

MD5 97cce83ed2d0b9b0687577b5afeec06b
SHA1 c2b8f86ce468d5fc4cd63c154253b70d0af04803
SHA256 1e2a0f716bb6e22d9770b3f202cd0eacd65f95a659bcf144bee1f5a70223d88d
SHA512 dbe1589c5e84130cfad9b7b8d6d6e59f214ad0a4a8ea8b7823b9f03a67301962a34f547a21f6b77a36b706e3bcda004e03138f472299a50210cbd2de1a913fc2

memory/2996-302-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aADE3.bat

MD5 f90f754eb0741d7cd4e0c1346c3d7699
SHA1 c1963bdd5cb4bb63a337a255947e68d958049abe
SHA256 12e6235d8635e9dcb7b68b65aa93215e9508d2f3735406b6e7c4f3ee30de0192
SHA512 ebfb41370ddf82107ccc78e83499b88388bf42f8813a90bceb55d7fc7d730c876fda13424ad4fcffeed859ea98b5e2471d9fa771cbe34a7ed910a46e72ce5ff6
