Analysis Overview
SHA256
de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903
Threat Level: Shows suspicious behavior
The file de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Program crash
Runs net.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 18:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 18:34
Reported
2025-07-04 18:37
Platform
win10v2004-20250619-en
Max time kernel
149s
Max time network
140s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\AdSelectionAttestationsPreloaded\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-sl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\WidevineCdm\_platform_specific\win_x64\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\de-de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\osfFPA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ca-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\he-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ro-ro\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\QUERIES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\pt-br\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win11\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Photo Viewer\uk-UA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\es-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4A47.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4BAF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4DD2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5023.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5246.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a54F6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a595B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a65BF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a76F5.bat
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a84D0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a90C6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9933.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA0B4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA70D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC9B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB1EB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB67F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAC4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBEAC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC294.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC65D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC999.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCA07.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCA55.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCAF1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB5E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCBDB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCC58.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCCF5.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD81.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCDEF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE4C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCEC9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCF37.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFB4.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD031.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD09E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD11B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD188.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD263.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD2F0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD35D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD3CB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD438.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD4E4.bat
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD59F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD61C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD67A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD6D8.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD745.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD84F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8DB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD968.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD9C6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA43.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAA1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB1E.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB8B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDBE9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDC46.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDCA4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD02.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD50.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD9E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDDEC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE4A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE98.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF06.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF63.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDFB1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE000.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE06D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE0BB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE148.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE1B5.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE232.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE2CE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE35B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE3F7.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE474.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE501.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE56E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE5DC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE649.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE6F5.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE753.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE7C0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE81E.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE87B.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE8F8.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE9B4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEA41.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEAAE.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEB2B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEB89.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEBF6.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEC63.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aECC1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aED0F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aED6D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEDCB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEEA6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEF51.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEFFD.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF05B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF0B9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF117.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF174.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF1D2.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF27E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF30B.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF388.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF414.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF482.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF51E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF57C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF5E9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF656.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF6C4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF741.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF80C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF879.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF8D7.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF935.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF9A2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFA00.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFAAC.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFBA6.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFC23.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFCAF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFD5B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFDB9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFE26.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFEA3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFF01.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFF6E.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFFCC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a78.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE5.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a134.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a182.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1FF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a24D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2CA.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a328.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a395.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3F3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a470.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4FC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a589.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a606.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a693.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a700.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a838.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8A6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a904.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a961.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9DE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAA9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB46.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC30.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCBD.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD1A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD78.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE05.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE63.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aED0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF5D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFAB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1018.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1066.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a10D4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1122.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1170.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a11DD.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a121C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a125A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a12A8.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1306.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1345.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a13A2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a13E1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a144E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a149C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a14FA.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1548.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1596.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a15F4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1652.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a16A0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a16FE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
memory/3088-0-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Windows\Logo1_.exe
| MD5 | 4f07b7c07db3deeaef154a2f2c9646b0 |
| SHA1 | 6ada698575fd2ce3b8041f85d04dad5bd846a03f |
| SHA256 | 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c |
| SHA512 | 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90 |
memory/5764-9-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3088-8-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a4A47.bat
| MD5 | 58378df47f33bc7267d1c21c697d4283 |
| SHA1 | b3279d3438be64c5431d06cc6ae987da7dce5ecf |
| SHA256 | 86c11a84234e835a8a90723098277ccf73fd4abbc156802797d2a699a783b252 |
| SHA512 | cfe55c127566d4680cfeab8247329a5dfe2b07720035287d7e14d81ffbad50562921c8a4a4bec78f020151d3a5c2b93960cefe482b56c93742750c5a77062d40 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | a0bda10c59495be53bbab82d777096bd |
| SHA1 | c0d374dafa2d4b6bd267784f97b639e38c7f1085 |
| SHA256 | 7b737ca12038a52869eacd1bbdd07647a6684db73c0e2b74c7724d3a9586fb9f |
| SHA512 | 500775006646c666354d173c36ca2eb230724e33db74aec53b08fea816d6c56619715b9b69fe07d4947d3f623e9f25ae9228cdb44b9453b2a4c633d8e0369df9 |
memory/6000-19-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a4BAF.bat
| MD5 | fcc5d3bfc2d0cf47424f35746e4af36f |
| SHA1 | caca3c99b0fb968a5cbf22c2089edd4abba26edb |
| SHA256 | a0a4fd7f2c0ae991f2d8bae210530a16dc3bd8a1091a50adf949c5b3cb53a71c |
| SHA512 | 87d7421f59a8cc3b099f6b6271318615fc4633779898d8567df8a7c5900495ac221b489e1c91890f2b1dd536eda27b4de1fbf3f9c38759eba493d08e84018202 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 95499973a8f24182d69ae6a73e67d3c0 |
| SHA1 | 65065f82a1c7e393eb1c4a771a7efa033db20bb3 |
| SHA256 | 14e8944c572d4ad08ffe831f63d9217e815a642c95437af5f78c2ce1a170b666 |
| SHA512 | 10cae3fd862b1a0bc56f1621c9506977bb19aeb0d8f180b6181ae958e1c8c9e736cd68da7f18fa70fe8d4365e243d8fc86327d96766064af81c3ad29c3b79eba |
memory/3548-26-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a4DD2.bat
| MD5 | 5b4ba973bd516cf512d0a02206c92c16 |
| SHA1 | 40df8496815298cfbe66fff9499a2ef2ff27f5fd |
| SHA256 | f715a113b3a30b31fd17b9473925b35c6de5e6cd21f444a0a49c95c14acf9164 |
| SHA512 | 5b7f0fbff000f596b9e7d70b0fc5818157d083184464c8c2ef4fd792e5de1f66d7ab1bd3042a43e7586c0ce068a3539c5698b4e89cab33ac5f1b03c383015cb5 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | d7d2100c035e00453635ba330a7cabbb |
| SHA1 | 5bb51970e33daa0c7a62223014800e2eddd79cdd |
| SHA256 | 3abcbd5f63bdd1fc3132535066f877ba286001ddad156d0c21587797c7e8e4ae |
| SHA512 | 4db7840859daafaf310d6864287381f28998a3edb8c88cd7477db81bca2478289ac6ddb0735c61a68f8a6b8e781ad0b7b3dafb44caab09dc78507bfefcca0834 |
memory/4628-35-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a5023.bat
| MD5 | 0c3961d4623941e78fea5314cd9fc604 |
| SHA1 | 8ea2ce3658deeeeb582785f6bff91c09985ba5d1 |
| SHA256 | 76e3187a8b57c2683af4cb828256e2be68d66132369620cef37d665f6c02d3b8 |
| SHA512 | 12f6fa66defb9158bc5afb957117b0e5b38543cb9284137717d92fb25664bd8ebc95a6c26572990dce8677aa92261ceedd2cac73a8f0d74a2459be882ecdc26c |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 44afaee3b657120e4cda156762a7d825 |
| SHA1 | 2580f6a7dcc4e2226c276a4d904f4d69175b4b9a |
| SHA256 | c305416f394e08cfd434f4aef3cea187f929989d9afaf5b844b1f3b3e569df45 |
| SHA512 | 36895724f0d4bf42b4b826e3128a7f2018624742d8c8581514f09ecd9473033d712ed4c8f5ef4642477578b8ff9dc542e2c519f22dcc21ee47a083eb9873d6c7 |
memory/4596-43-0x0000000000400000-0x0000000000445000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-4144907350-1836498122-2806216936-1000\_desktop.ini
| MD5 | 6ef23bccadc81fb82d7eeecab7166eed |
| SHA1 | 379fb55375f791483209d02402c6c359fe6afc12 |
| SHA256 | da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a |
| SHA512 | 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1 |
C:\Users\Admin\AppData\Local\Temp\$$a5246.bat
| MD5 | 30fbd86d1ed27ab006cb9bb6a3d53570 |
| SHA1 | b9ddc07675cc35ad6ab941e98143dc91909d7730 |
| SHA256 | 32315bc68cc21ba400dcf142f7b24e82a8be5abd6a68f957be25a1c34b11e7e0 |
| SHA512 | 896f82402ee57b258fc6d9ef365a5bde1d63a72f9296d6956fb81135e9c50ef8923d2595fdcfb5cdd0f417d40ee9dc0f9adda127cb468f61204dd5cd13a0309b |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 663ea5c9d3fed897559a549f5f737f23 |
| SHA1 | 4a0d45a9121b6f498eed6c2d3d30b5ac1d8b0f90 |
| SHA256 | ebd6934ffc460c99c35ae3a56e9ed9d6d5377ed8a417c389322af0fa20ad4b73 |
| SHA512 | ee8109561de8f2557b116b0d438ee5886078f8ac08d74b8e3882d601c48b0769d984443a87f50e1ce28cd3c66b2cc11c273d1c3bd80a8d9e20c7e914041078da |
memory/3580-56-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a54F6.bat
| MD5 | 9f1c8675c09a2e99446847a4016fb0ac |
| SHA1 | bfc64a67f7e4d2f2917a20990f0f5668672319cf |
| SHA256 | 9cd250418a503d48e180c123d216bf09e17130b9f68cdccfe66f05f283637e27 |
| SHA512 | d821a63129568701bbd74320415389013da26316e2fa500746e1aadc7199ce3303ada9bf9c0ba262c352ad83563ef0bfbc08ce58cacda75321d618bb8f2705ba |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 95dda39fddc8a15cd5cc81c85fd53766 |
| SHA1 | 26c472964282ce504ecc030eb3573d20c1c8966c |
| SHA256 | f247dbd66ab22886991e3d7e86e2928495d6b5d737e8820b5723a022ddeb543d |
| SHA512 | adccd300c29c363e32624bc2cdbf8514a632687f984b38f8bcb71aa1e5ab85376fe857279ff2d33f15a945f06c5245d5f4643205a292f5ac5cfd4c29b9bd4b58 |
memory/5960-67-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a595B.bat
| MD5 | 9e9b8342f0a9e7a3e55410dda5eb7047 |
| SHA1 | 60834e72e931b03e7d261bcf7b48b22596509998 |
| SHA256 | e5a8ab0b68e71ed2db3ff97f29d3a7da460a93a8d4a4094387d2481e00249a8a |
| SHA512 | 83947c2d035d6f11d385dff7f43ef9d7fa56a64eb083de6623971798532856cb8a8243bd90cbe35abf07a16b54e6ad3ade232287ba5d4d88a049fe63c793221e |
memory/5764-75-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | a1f0deb99f16b0395e8447fe81047550 |
| SHA1 | deff8825a645010acad444f752a63639e48b136b |
| SHA256 | e64ffdeb0320bafb9750c2f8357614f28adf2f7a9ac7df7cb16979b3fd0efeb3 |
| SHA512 | 50aa0c9f54bcb1edfa99ffb36164387d0d252c5df4f471d9dc31f1b96521bea9cf0d0188c7d4c04fdf6422d1bf5069b6d2365639515d25aba6d1a79397004360 |
C:\Users\Admin\AppData\Local\Temp\$$a65BF.bat
| MD5 | 8c9aef0d0681a326c7e8f19e798fcba0 |
| SHA1 | e94dfdada81911794709bcf8f5355a4d76e9b755 |
| SHA256 | 4161e803135e6579ee203b65519e7f8530eb2055d028a5ccc695043f6f6d0713 |
| SHA512 | 566ad0b4a291d9ccfce464cdfd3f3928ac08927d532624820d10775ca9fb82300440a774c244af4915f697e206d862456a3df01b1e6e5c1b1df14a5d8468262e |
memory/3952-81-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5764-2595-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
| MD5 | e8d6df5f3a435abc0e019a50b53084b4 |
| SHA1 | 6edcb2439270045cfb1e5ffe725e8f2a86ded79f |
| SHA256 | eee0c9117fe354c6a8a41e42411f49164fe0918709cc0c2845d4333cc8df093e |
| SHA512 | ffa78cc7fb39636217bc291346bf9dd9801d71edc278ac96e561f5e8bc36c6e50e1a60344b087f466e990dabad2688b7dc9557edc7545718ca1403b6ee836b98 |
memory/3280-4871-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a76F5.bat
| MD5 | 05836eb7dc138c72e9540d2c685c437b |
| SHA1 | 981bec528e8646f917273d06f171f9a68a374627 |
| SHA256 | 3173e45026d4434e78e23d5acff7dd22227399734a0fbe466a9aac50dbefb118 |
| SHA512 | d78ba27d9dd7888ff99b7b56bbabbe55e2c13020a47f0615800c741e7e08b8b7fa8e6b3cfd74e819d01f15f7931f4ee66c9040e26b1d7e6f9ef1404f630e1d28 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 8a5aa80c70138f3ec64c4ddce5e22f9e |
| SHA1 | aa11e876bc107c8fa3f4bf826245b363c1e87972 |
| SHA256 | 6e61083ce7f5ebc4f1cfa872103a47ef34661372cecc6c255cc5775ea73fcb0a |
| SHA512 | 37f1a7f2dfc4ef544ae1bc07a1deb97d722be081b939910c00f84d2aecb7bfb17aaae88f3e89256fffa2b998d43769fddf78972042cd278f503100d9aa39bf1d |
memory/408-6074-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a84D0.bat
| MD5 | 70fb93c40cbb2260461a7d00586f812d |
| SHA1 | 478afde922f18ea087157d4ea452c6732f1139e6 |
| SHA256 | df6929a27bf51b07139b04e10827751959f42b698839bb0292df5d698d911026 |
| SHA512 | ec5ad15c9fc0bcc330581e7328b1534eae837eff6a58dc606e2ff6fd5374b453c56d8cff95a0736729c0df627943d121013cc3c7e4d7df994d7aae4c8f03f193 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | d030d8d4da7d40eccb1603cc27a320a1 |
| SHA1 | 819ec214bc70629b503de0377762a5e48537d710 |
| SHA256 | 4a4fbf07780d26ca16423757d7e271f42b13c3f434ae0cb21bb7c900db4dbc5c |
| SHA512 | 9761f6dd8f380815022bb9f0af72df25807d0848e0a4932991ee976b1db593d9fd1e22d565925daf08a056e2f586e785cc44776aaee75d36ede1ea1004f801a0 |
memory/744-9834-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a90C6.bat
| MD5 | 0f17fa733ce6e6d6fb2307a6e0c7b35f |
| SHA1 | 777a430adf2de26853d9ebf9445f2bbb86c497b9 |
| SHA256 | 0f04098d2b6a89d4d164fe3d13c57079adc556bfc032e562cd513a65f5536d49 |
| SHA512 | fff09b153807ea4b478ebcdce296002d222424e2a1ef648d986cd95c67df8e6bad897b80a395859b00fe5cc88664324a54473b51a409dad60f373e47c1cd6f7c |
memory/5764-9836-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 6256af6cd861ceea865fad7bfb89d0f4 |
| SHA1 | 1c8dad693a79d05f50098826d07a3c455b3a3fd5 |
| SHA256 | 20f7711c4359019a53b86f836031b416b6451a7da2d86fdc12b2ee0386b065f2 |
| SHA512 | 99781f152d7ab0097ce125e3b84790bf43ae8b557be7dfd800ee2e666510a1bd72b0cbdedb2821160ed77909c3eae680fa351cdac5f7b9bcfc41357b08c97899 |
memory/5804-9842-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a9933.bat
| MD5 | aaaac799bb90a56c1009874c7663229d |
| SHA1 | 2cae20cff7a05b07678667601c0a53384923e2f9 |
| SHA256 | af27dba606a672bcf3f78a66efb6dac109c388cb5ad89d5c97c63e763a8ad21f |
| SHA512 | 6c5e5d1240afc0752889844b0c6dc993822d7c54bf69571e26deb6f2fd2a2df4c5426d0ad80358f0c978bf1f3bc8ccf918a8c3019d01840aa3c9ecaf80793ef3 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 0383f32b3ed3d3e3c76c59ff07b3a72e |
| SHA1 | 60f9780e8a59285e6c4d0f6b62747fe8094ce7c0 |
| SHA256 | 76110fb400b7b156f736a0079d7e6d520019cfe0d57579d5dc58a11c75e4bbba |
| SHA512 | 83606948e51dfb32a3127ec13fe1d2197f6dcad70890172b2a6b512fbb0b863707df4bbbe00b7b8f78fa2acc5757f4cea7db2ff552a48eb7be07984258060069 |
memory/1056-9849-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aA0B4.bat
| MD5 | 2db830ee136383899c7a4b1f14c59b32 |
| SHA1 | 05a26fdbe6488108e07d646ebe9320f0726d46a0 |
| SHA256 | 4bd7e6d833bbddb2d7868dd93c48e8604cb715303624e25e4ed2c26c583b8afa |
| SHA512 | c0e3834b8bef0f908928d6573f25f68660a203d693fac373b311aa23b4ce96d9017a2452b9eb2fbe88895b4e4baf8cf68455f4b69b45bdb667981df0575ae764 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | add74ce6dee5d73249d839ef54aba234 |
| SHA1 | 3981ab3eb325aa111d1bcfabcf2a0ebebd3f6302 |
| SHA256 | b23e55cf2f722e2ead456932822d94364bc0a9eaa1e8dc8aa2db8571f41f3c84 |
| SHA512 | 362920facdf52796bee60278486043976d04b8c5f946687419cf7659c2eefe80b960e00dcc3f18100187bf6ae0d2d694e652b041543b14bc74865b0bff3c85a9 |
memory/5500-9856-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aA70D.bat
| MD5 | f021bcb194ea9265f37777c4560e28ff |
| SHA1 | 8b2673905e6b4bab59081c9275bf1146dce2baf7 |
| SHA256 | 007f5581a5947fa32f96532037e69e7413c1415c800e2936d69274fb85c220bc |
| SHA512 | e3c562a75f2e93dd407ba4b12aae3a6e73b7a8033e32080a32d1823ded45bb367d6f90ddff97e0e0311c32ca936d5b38a9d21e2b4c83c09864fea80156835d4c |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 333520dababd7a07076b59aa06359e6e |
| SHA1 | 0fc75785a8a2db2d03ff42565037136a2893a61b |
| SHA256 | eddc9d3603ccddebac094607797209c0d01539b08cc40b5decac52c04c467436 |
| SHA512 | 15f8c79b9d7567baf05d50736be96dfcce06a2446d7c6673fcded8329b55456d4f01c6022deb33a0af86048ba6881352ec2959e7623d475d24ac82ff6acbca70 |
memory/1200-9863-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aAC9B.bat
| MD5 | e0569363bdb4dda377077bba8843956e |
| SHA1 | e8d00ca7a4b9170aa1a19afdf2a8fe4519acb5da |
| SHA256 | fc009b403274a4974af8fc1a4548a132592f362d91f50dcc69152333d8d9107f |
| SHA512 | af8f93012f0f4d28c064e1d899a199deefcb9ab52de1f30c39c3cbca566a8d330d7bef2f422ebcf80cce9da09687b58bfcef01c0990fac43b8ed5d75296ba510 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 63a700418e878f9f72c434784e83aa9d |
| SHA1 | 98ea0a2241dacb6c6ac348a3984c684569d865cb |
| SHA256 | f553f32d375554e1de4df4e6aab9f51b6c446f901414720e6adddd6b8323dd8b |
| SHA512 | aa83ffa8403986ea244f727c9b080c856c7f43e264637c92fc83934b0620f736509b3dd4c03b3ee164c60fc9a0467d3c3f23ac58546532737ec948604f18cde6 |
memory/4304-9870-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aB1EB.bat
| MD5 | 0b19bdf496b7630ab212db130fedd795 |
| SHA1 | 83e4fcc0aa25f89527b4d09a6643dc16fbf7df46 |
| SHA256 | eebd297b14b98e06a231eff9ed5e056eab55dffe4ebb33cc43d6f87f4ecb658b |
| SHA512 | 98f03f322f66e89c60b118d34de3a09d015a7b86cf77ec03d72dbdfbf6f3482e71e4db15e325140759a108326be9b0d01de9087b599d76f7ac6b43903bc2f10b |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | cd3d561574d7981bcb368f1a26bbb890 |
| SHA1 | f088d488b0d70d952c818d68bf96bbcc03686ba4 |
| SHA256 | 1d6d2aeff4518cc68f7aa1fc5a66bd4ad7b36929e12fe35f0466f99133303c6c |
| SHA512 | dc470afa7c7193d1d145ca8f116fb23d903784854a044973804c701b1f70851c4ec1d034fe68a559bd392072fc3f5197fdef860c82a3d3f22cbdbdb9bc423dee |
memory/3928-9877-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aB67F.bat
| MD5 | 6fbf33c73b463a69e4332780e41d5ea9 |
| SHA1 | 429b0f9dd5f5965ad2137412854978e35c45cc23 |
| SHA256 | dd41e935efb0fb659f57b7479a7de83f3a46adf7978b945928a5098c7279fe27 |
| SHA512 | 2c0909d95e4488abe4869e7bc3062b65bb8b952de32d3e07dfd844fb73d4f80f0c58b4020e090ae25f6ac32c7d430667629c2e98e61df57fb17572aa3db71ec9 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 0e73ec0c429f890ecc33de4e2034b056 |
| SHA1 | 9be92d7e8ad0191292f03220b3797eb3bccc50c0 |
| SHA256 | 6d8fb49831006c10b81f958108bece064166251139bf18743f0deca688f1d93c |
| SHA512 | 3559cf39617ea012ed6afc4280a17f6805dfbcaaf4cf784f92614a64123551f7bcf8ee47179661371a1bd708c8606eeccb76cf827a0657f35c9d122a25b70a24 |
memory/3280-9884-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aBAC4.bat
| MD5 | 7d69c42255235a5e28e1b2bab5b6e7cd |
| SHA1 | 18fe44abc7ea723aec7fca87fe0705be1321547c |
| SHA256 | 7abc7e9a839d9da069b024fcc53ba6cebae48aabc4ae09f83cd5db5b78d85980 |
| SHA512 | 8a90ac3633756f62f724b88d8198c30e0fda3d97e43b589b7f5fb67ff1b63ab66cd99383307887f84f70a6a25bd1d38b4650f255dda615ff068e91f88a87ada9 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | ff2e766ee874a6d2e8b966ab96f8d850 |
| SHA1 | 31f26b0a8fefb5d06d3c31ad31566ad7b206c8ef |
| SHA256 | 48d25caf8e408b825bef6bf5d48aef0d555572feb0e5300da803c2222e1ffa1d |
| SHA512 | 1caa9a340ed5bfc254762b9d04e655e936592433265d7135ac880aadb451fc811fd5430f7f932885c164de559a0d3e7cca2db6d738e9c4e5262556adc8d54e4b |
memory/5052-9891-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aBEAC.bat
| MD5 | 737184826f5ceec563a9e39b68df9efd |
| SHA1 | 413f8ed4407a907221e145730d4f0ea3f1f7e9fb |
| SHA256 | 575f2aa5d0050aa87e2fa4f39af955bb295794dbf12a1d50f72f899543d0f843 |
| SHA512 | f173a7614f8a3ae021203ffa2b7e6a639d1e8bc0cbfb1625bc3343d0ecdb2a4e48dfe33b6dba01fa762ba7e8995880ff26e5238e7770943e824753a1103ccbc3 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | bd6e6d039586bfdedfeb413dc939ae2d |
| SHA1 | 98e792d5c7de89f02cd268c0de55a7f854781456 |
| SHA256 | 1142567c98b99117433491e2f8679a9736bb919725687fb7175d219d09e0065e |
| SHA512 | 1d7d46d1ad214e0ffabfa6ab2676f5d48c183f441c2876cd5adfc1d3934bfc6656d596335a0687e9c336dcdaa14c2fa3c429aa64f094f2023f820348a0168a08 |
memory/4684-9899-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aC294.bat
| MD5 | 33b64c48071fb34fe71e694a97ccdc63 |
| SHA1 | aaf63ea38610aade6b03b8db0b198815b02e1541 |
| SHA256 | 5002a0d34d9f1fe61e66dd7bebc627de464e732cbce4e5ba96cf98e7ebc6b1a8 |
| SHA512 | 2522dfbca22552ffbacbd915383247aae02648aa72cda06fe173c764dbd556956e9af93e4c298648b4bc2ecf93e7d61c837822f4b3e231721fedd7ec718d6f49 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 80c4d2a669d7ff5a9ad7818183b17345 |
| SHA1 | 39acf9ddbe06cd751146658c98fa251df6956229 |
| SHA256 | 4c8304b3801a0376a28fc5d48b42abcde266bd122caf5ec3a72d53735b08d64d |
| SHA512 | d25ab6040dce4ab7cab9375a8daebba24659ab4270363c7d5803dd7b0e1d799a68817945a594983b7fdb9a14f2fc64d1ad9425cad2d8b271aac9f674537736d8 |
memory/2280-9906-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aC65D.bat
| MD5 | 0cf07b6e19c143b4fc30d76994dc7658 |
| SHA1 | 9a5ce3c54963f405e41d9f08ce12ab542c5bab2d |
| SHA256 | 3ecb974909d6561ced6b642c3f0044a5fe0a89de1f5f1705a657caafaee35f4f |
| SHA512 | ccf9944b0cdc9cafbd6917e747f9feb3213f4cc3e107cdccf93c615afeea0166feb9ab166da953991e6a1328d7b3a1a31416fe66580ba8e1c75f79b2f9ed54d4 |
memory/6080-9911-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2736-9915-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2940-9919-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1488-9923-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4040-9927-0x0000000000400000-0x0000000000445000-memory.dmp
memory/508-9931-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5976-9935-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5248-9939-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2728-9943-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2176-9947-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3108-9951-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1808-9955-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5056-9959-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3116-9963-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4984-9967-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3300-9971-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2780-9975-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6048-9979-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4032-9983-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4684-9987-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5232-9991-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6004-9995-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2684-9999-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5552-10003-0x0000000000400000-0x0000000000445000-memory.dmp
memory/896-10007-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4916-10011-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1444-10015-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4708-10019-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5320-10023-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3604-10027-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2744-10031-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1960-10035-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5324-10039-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2012-10043-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4056-10047-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1644-10051-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1300-10055-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4232-10059-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5184-10063-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4304-10067-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5152-10071-0x0000000000400000-0x0000000000445000-memory.dmp
memory/364-10076-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5900-10081-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5472-10086-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5496-10091-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4472-10096-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5796-10101-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4976-10106-0x0000000000400000-0x0000000000445000-memory.dmp
memory/336-10111-0x0000000000400000-0x0000000000445000-memory.dmp
memory/896-10116-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1840-10121-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6128-10126-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3464-10131-0x0000000000400000-0x0000000000445000-memory.dmp
memory/832-10136-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3488-10141-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5600-10146-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3160-10151-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5240-10156-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2952-10161-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5456-10166-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4144-10171-0x0000000000400000-0x0000000000445000-memory.dmp
memory/216-10176-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3656-10181-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2452-10187-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1520-10192-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4372-10197-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5088-10202-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5400-10207-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5776-10212-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2032-10217-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2592-10222-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2504-10227-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5096-10232-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4732-10237-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6016-10242-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4932-10247-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6128-10252-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5332-10257-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3336-10262-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4456-10267-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5008-10272-0x0000000000400000-0x0000000000445000-memory.dmp
memory/508-10277-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4268-10282-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5012-10287-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4100-10292-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2496-10297-0x0000000000400000-0x0000000000445000-memory.dmp
memory/208-10302-0x0000000000400000-0x0000000000445000-memory.dmp
memory/704-10307-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4336-10312-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5016-10317-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3816-10322-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3060-10327-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3212-10332-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5052-10337-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5232-10342-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5316-10347-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4836-10352-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2424-10357-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4688-10362-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4816-10367-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6080-10372-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2736-10377-0x0000000000400000-0x0000000000445000-memory.dmp
memory/832-10382-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5432-10387-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5620-10392-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5756-10397-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5832-10402-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2176-10407-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1072-10412-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4432-10417-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3656-10422-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5208-10427-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2404-10432-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2700-10437-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2044-10442-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6044-10447-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5900-10452-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1264-10457-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4420-10462-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1548-10467-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4860-10472-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4188-10477-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2028-10482-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4788-10487-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3548-10492-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6128-10497-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2880-10502-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3024-10507-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5004-10512-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4052-10517-0x0000000000400000-0x0000000000445000-memory.dmp
memory/508-10522-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4620-10527-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4156-10532-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1600-10537-0x0000000000400000-0x0000000000445000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 18:34
Reported
2025-07-04 18:37
Platform
win11-20250619-en
Max time kernel
149s
Max time network
103s
Command Line
Signatures
Executes dropped EXE
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ro-ro\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-gb\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-ma\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\133.0.6943.60\MEIPreload\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Visualizations\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sv-se\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\identity_proxy\win11\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\XLSTART\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\uk-UA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\my\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sl-sl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Uninstall Information\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Logo1_.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Logo1_.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a88F3.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8A2B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BF1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8DF4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8FE8.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a923A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a949B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a98D1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA063.bat
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4912 -ip 4912
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB4A6.bat
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 1020
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4912 -ip 4912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 1020
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC1A7.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC9E4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD09B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD629.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB88.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE0C7.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE51D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE924.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aECAE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF019.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF058.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF0A6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF132.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF190.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF21D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF2A9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF2F8.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF346.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF394.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF3E2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF420.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF46F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF4AD.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF50B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF549.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF597.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF5E6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF634.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF682.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF6B1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF6FF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF74D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF78B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF7F9.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF837.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF885.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF8D4.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF912.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF960.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF99F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFA2B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFA6A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFA99.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFAF6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFB35.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFB73.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFBB2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFBF0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFC2F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFC8D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFCCB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFD29.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFD58.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFDA6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFE13.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFE71.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFECF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFF2D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFF7B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFFF8.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a65.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a140.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a17E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1FB.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a249.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2C6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a315.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a372.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3EF.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a43D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a49B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a509.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a586.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5F3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a660.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6CE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a71C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7D7.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a835.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8A2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a91F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9BC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA19.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA58.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA96.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB04.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB71.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBBF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6B.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD9.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD27.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD65.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE01.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE6F.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aEEC.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF2A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFB7.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1005.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1063.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a10D0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a111E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a119B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a11F9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1266.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a12B5.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1341.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a13BE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a141C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a14A9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1535.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1593.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a15D1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a163F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a16AC.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a170A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1758.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a17C5.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1804.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1862.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a18BF.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a18FE.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a195C.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a19B9.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1A08.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1A65.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1AC3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1B5F.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1BBD.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1C0B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1C98.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1CD6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1D24.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1D82.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1DE0.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1E3E.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1E8C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1ECA.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1F18.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1F67.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1F95.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a1FD4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2012.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2051.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a208F.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a20DE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a211C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a214B.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2189.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a21E7.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2226.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2255.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a22A3.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a232F.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a238D.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a23DB.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a241A.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2477.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a24B6.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a24F4.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2533.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2571.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a25B0.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a25EE.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a262D.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a265C.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a269A.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a26E8.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2746.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2775.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a27B4.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a27F2.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2831.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a287F.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a28BD.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a291B.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a294A.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2979.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a29D6.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2A25.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2A82.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2AC1.bat
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
"C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe"
Network
Files
memory/2332-0-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Windows\Logo1_.exe
| MD5 | 4f07b7c07db3deeaef154a2f2c9646b0 |
| SHA1 | 6ada698575fd2ce3b8041f85d04dad5bd846a03f |
| SHA256 | 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c |
| SHA512 | 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90 |
memory/4912-8-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2332-11-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a88F3.bat
| MD5 | bd7cf6889ff38e9529eca559940718f6 |
| SHA1 | 98b9ccc4d27501bd0056cad7d063fe8c29332c56 |
| SHA256 | 9a8c21818c0ee1892b005667cec08ac898bfaf8ab082a086920d738fec675f47 |
| SHA512 | 707d710d1d059fa29786bf1729ae03211563de21615b640cd3c427aba06bfbf5d81d95f2420c126a866fc3a3d19f6985b285142667b596f044114f4af7561241 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | a0bda10c59495be53bbab82d777096bd |
| SHA1 | c0d374dafa2d4b6bd267784f97b639e38c7f1085 |
| SHA256 | 7b737ca12038a52869eacd1bbdd07647a6684db73c0e2b74c7724d3a9586fb9f |
| SHA512 | 500775006646c666354d173c36ca2eb230724e33db74aec53b08fea816d6c56619715b9b69fe07d4947d3f623e9f25ae9228cdb44b9453b2a4c633d8e0369df9 |
C:\Users\Admin\AppData\Local\Temp\$$a8A2B.bat
| MD5 | 9c0b8a58f4e05936f0b15c3e75bbbb3f |
| SHA1 | d27bab64b74ae4eb0fb95d2a0430509cb802721d |
| SHA256 | 094f6976afd2ea0b17d87df0b4d2137eb00d7ef4ee91c7a89fae86eefc833d6e |
| SHA512 | 0aa0d23179189ce2b71aea8d316252e1e6f35f6e82b69d2cfc277be711a266ce6c21e56c71aecc23c9d936cd7338365bc70ce320ddd686878fc436d04f40d6bb |
memory/2136-20-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 95499973a8f24182d69ae6a73e67d3c0 |
| SHA1 | 65065f82a1c7e393eb1c4a771a7efa033db20bb3 |
| SHA256 | 14e8944c572d4ad08ffe831f63d9217e815a642c95437af5f78c2ce1a170b666 |
| SHA512 | 10cae3fd862b1a0bc56f1621c9506977bb19aeb0d8f180b6181ae958e1c8c9e736cd68da7f18fa70fe8d4365e243d8fc86327d96766064af81c3ad29c3b79eba |
C:\Users\Admin\AppData\Local\Temp\$$a8BF1.bat
| MD5 | cd8b8e1d090e8cca2aaace5cabac4cd1 |
| SHA1 | 76d19486e4f267e6f5d39948796ca33899999bc5 |
| SHA256 | de813818d61d1551516b84ec35857e3cd6ae81679de144752f057cbdeb430bff |
| SHA512 | 445cc3f62df6a288c0b393da63bdceae884b314c167e8b0b8284ed833d838ff77cfe9a2a556dde2f8451a6cdfdccc31f233f18be7a6c2739ac90f6e593b443c0 |
memory/3528-27-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | d7d2100c035e00453635ba330a7cabbb |
| SHA1 | 5bb51970e33daa0c7a62223014800e2eddd79cdd |
| SHA256 | 3abcbd5f63bdd1fc3132535066f877ba286001ddad156d0c21587797c7e8e4ae |
| SHA512 | 4db7840859daafaf310d6864287381f28998a3edb8c88cd7477db81bca2478289ac6ddb0735c61a68f8a6b8e781ad0b7b3dafb44caab09dc78507bfefcca0834 |
C:\Users\Admin\AppData\Local\Temp\$$a8DF4.bat
| MD5 | 5753cb16082dbbedb62ed75613309da5 |
| SHA1 | 00c78c742373932b65ec5303e4978ca5d043fdf8 |
| SHA256 | 2c68d9b9ad6f8f046ec17d76a37b0a4ec80812d74442580f38b421a81152c5c5 |
| SHA512 | 5e9841c7e0dca1ee7de7b5c7d5bb0fdba572c83cad91f22aa7aac43bcf5a2cfaee3198811642913d7e45d1e9c34521929c10f4800ee4259b446ecf497f0a1140 |
memory/1392-36-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 44afaee3b657120e4cda156762a7d825 |
| SHA1 | 2580f6a7dcc4e2226c276a4d904f4d69175b4b9a |
| SHA256 | c305416f394e08cfd434f4aef3cea187f929989d9afaf5b844b1f3b3e569df45 |
| SHA512 | 36895724f0d4bf42b4b826e3128a7f2018624742d8c8581514f09ecd9473033d712ed4c8f5ef4642477578b8ff9dc542e2c519f22dcc21ee47a083eb9873d6c7 |
memory/3312-44-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a8FE8.bat
| MD5 | f00d11b0b124736bb80854f8958386b2 |
| SHA1 | a49b22e926bfa37ef4d0d2598ed261b2d9d19343 |
| SHA256 | 9d844d7388e67837d6e93580ff570f54f6af25e64473108de228d79bda5d4685 |
| SHA512 | af1c8a494ad80283849422e57ac12e46c03e401ebe44169cc6daa42b8a8f436285d6e535a7479d11e62abed50d71b883ac380d9e235b7acd5a806dd3ce18bad6 |
F:\$RECYCLE.BIN\S-1-5-21-1418876453-2228697459-2788511057-1000\_desktop.ini
| MD5 | 6ef23bccadc81fb82d7eeecab7166eed |
| SHA1 | 379fb55375f791483209d02402c6c359fe6afc12 |
| SHA256 | da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a |
| SHA512 | 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 663ea5c9d3fed897559a549f5f737f23 |
| SHA1 | 4a0d45a9121b6f498eed6c2d3d30b5ac1d8b0f90 |
| SHA256 | ebd6934ffc460c99c35ae3a56e9ed9d6d5377ed8a417c389322af0fa20ad4b73 |
| SHA512 | ee8109561de8f2557b116b0d438ee5886078f8ac08d74b8e3882d601c48b0769d984443a87f50e1ce28cd3c66b2cc11c273d1c3bd80a8d9e20c7e914041078da |
memory/5884-57-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a923A.bat
| MD5 | fae99b7f6f0549881083f63d5071dd64 |
| SHA1 | a406886bbeaed2455867ae9fa34e333503aef250 |
| SHA256 | 8e2fbd4aca4c2df2f9dfa24e7b4dbf854f903bd324ce6a9a7f882a65df01d64b |
| SHA512 | a878d10b39281f3bc112bbb860c77325eefccda3c952e7f3b42bca2af679f138fe045fab3c2c0fe858e84ec718b57167695cb08c57408ce231e11b224730ffe3 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 95dda39fddc8a15cd5cc81c85fd53766 |
| SHA1 | 26c472964282ce504ecc030eb3573d20c1c8966c |
| SHA256 | f247dbd66ab22886991e3d7e86e2928495d6b5d737e8820b5723a022ddeb543d |
| SHA512 | adccd300c29c363e32624bc2cdbf8514a632687f984b38f8bcb71aa1e5ab85376fe857279ff2d33f15a945f06c5245d5f4643205a292f5ac5cfd4c29b9bd4b58 |
C:\Users\Admin\AppData\Local\Temp\$$a949B.bat
| MD5 | ac774ea4b9fc468d23165515e9370888 |
| SHA1 | f2ea15b19568fd20c2d67d03084934710b04b859 |
| SHA256 | b2c1f768a2a1d9cca9828b469de6259bd1e915a9b524f7610eb1d035ec352f60 |
| SHA512 | 71f66e85e727c1f50ad4be85532efc9fb957fbf21c4deccc12132c5f085d5a8ee27bbe29f1365f6251c9ee7199bf5451a516fd48f863411aca6305317300490e |
memory/3620-64-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | a1f0deb99f16b0395e8447fe81047550 |
| SHA1 | deff8825a645010acad444f752a63639e48b136b |
| SHA256 | e64ffdeb0320bafb9750c2f8357614f28adf2f7a9ac7df7cb16979b3fd0efeb3 |
| SHA512 | 50aa0c9f54bcb1edfa99ffb36164387d0d252c5df4f471d9dc31f1b96521bea9cf0d0188c7d4c04fdf6422d1bf5069b6d2365639515d25aba6d1a79397004360 |
memory/980-75-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a98D1.bat
| MD5 | 05ae2f1e5d7f4447b5cda1a0b217b329 |
| SHA1 | 2df6a4303c28ba99c46d08da38c817669b77729b |
| SHA256 | 23f28defae56e04e7208f4b0e9a3ea467a7be29e89a26ed5ce76669f01c4c1e6 |
| SHA512 | 2b2b1e00b6544ab289de16b10016465d48039feff031c2d93d4fe7d4c77a86e902727af8908b7dca7ce737946593e7a3c41c138aa8d1d47363fed2187a52533b |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | e8d6df5f3a435abc0e019a50b53084b4 |
| SHA1 | 6edcb2439270045cfb1e5ffe725e8f2a86ded79f |
| SHA256 | eee0c9117fe354c6a8a41e42411f49164fe0918709cc0c2845d4333cc8df093e |
| SHA512 | ffa78cc7fb39636217bc291346bf9dd9801d71edc278ac96e561f5e8bc36c6e50e1a60344b087f466e990dabad2688b7dc9557edc7545718ca1403b6ee836b98 |
memory/2096-84-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aA063.bat
| MD5 | 1f7f196328b35ec1b61fd896ad65ec2d |
| SHA1 | d072ecd4eb237454ae6b060f847dff15bf2a83f4 |
| SHA256 | 1c9a685e5965fef8882164a6438a93d21a4fa27a15f77446c4a0fe5607ea1aeb |
| SHA512 | 446c1fed294e327e5520d063de890423629c4247074c86837451f30be6826c4129f6894f3a6a6b3a5f6701a3333a7fcad2a1bc620cd113a4e4161c7658fc2b48 |
memory/2096-88-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4912-83-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4912-4862-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
| MD5 | 8a5aa80c70138f3ec64c4ddce5e22f9e |
| SHA1 | aa11e876bc107c8fa3f4bf826245b363c1e87972 |
| SHA256 | 6e61083ce7f5ebc4f1cfa872103a47ef34661372cecc6c255cc5775ea73fcb0a |
| SHA512 | 37f1a7f2dfc4ef544ae1bc07a1deb97d722be081b939910c00f84d2aecb7bfb17aaae88f3e89256fffa2b998d43769fddf78972042cd278f503100d9aa39bf1d |
C:\Users\Admin\AppData\Local\Temp\$$aB4A6.bat
| MD5 | 34f1bfad9143d8fbd17d1e45426d866c |
| SHA1 | f372a654afa43905ec2b0ac08f0e9d59029942ad |
| SHA256 | 70b0755fd4be482f679519a8b444e03dbe667a1cf02c1a92d7e5449072362939 |
| SHA512 | 74d6db2366d20666ded2b59283c88a4954f9d3f384a6598adac61376ff63870fbb0dc606f9e4a3bfb10e65e88176dcb93adf95b42e23af2314a2448d43547deb |
memory/3232-5032-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4912-5035-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
| MD5 | d030d8d4da7d40eccb1603cc27a320a1 |
| SHA1 | 819ec214bc70629b503de0377762a5e48537d710 |
| SHA256 | 4a4fbf07780d26ca16423757d7e271f42b13c3f434ae0cb21bb7c900db4dbc5c |
| SHA512 | 9761f6dd8f380815022bb9f0af72df25807d0848e0a4932991ee976b1db593d9fd1e22d565925daf08a056e2f586e785cc44776aaee75d36ede1ea1004f801a0 |
memory/3776-5046-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aC1A7.bat
| MD5 | a4efefe9e9e7cf6d165ee9584df49e3e |
| SHA1 | fb3f25230afe6620b41221365b005f091b1f74f8 |
| SHA256 | cf3a886d8603c6c77eac9b6d6a549b7935a8f66329850d3852206f3d34ca03db |
| SHA512 | 45ca57203d1e1016548d5f34dc0eb742629b1424fd965708a93a4fc20ff7a39f1c5c5a61b6f855aa47b628559ad3c89076e4818a1b85187c1e40ad0482b700f6 |
C:\Windows\Dll.dll
| MD5 | e1dbfd522e7f22b2f987af9f32d915d0 |
| SHA1 | fb8a8babc7d2447e4cbcf0973a168b9afb633b05 |
| SHA256 | 58902ae17338af4211e7e21eddb09671507b48740fa7056b9b7f7ab307da0168 |
| SHA512 | e863a1f3503a94faf95c271464357b9536e7aa7b7b684c0720cf1ed4b8e798176798f798da010acfcac85872d21c0bbddd8d0b5980ca39a9d6655b84740cbace |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 6256af6cd861ceea865fad7bfb89d0f4 |
| SHA1 | 1c8dad693a79d05f50098826d07a3c455b3a3fd5 |
| SHA256 | 20f7711c4359019a53b86f836031b416b6451a7da2d86fdc12b2ee0386b065f2 |
| SHA512 | 99781f152d7ab0097ce125e3b84790bf43ae8b557be7dfd800ee2e666510a1bd72b0cbdedb2821160ed77909c3eae680fa351cdac5f7b9bcfc41357b08c97899 |
memory/3672-5060-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aC9E4.bat
| MD5 | 5a13bf8852e03ee999786f2b9447dcf5 |
| SHA1 | 1fb318c700ad0a8592f4be94d4dfdb6308888799 |
| SHA256 | 1072b5ab3d159d20d65c480ce67433a4aaf52a293ff11a02f32c8008617d6c68 |
| SHA512 | aeefd83c1a0455d0d90e588f2146bd1d55fc59b1eaa735f607e849ec27feed24f1b5aad72645a7f68756265f07e5752e1054c566573c37781d5da5ab88e434df |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
| MD5 | 0383f32b3ed3d3e3c76c59ff07b3a72e |
| SHA1 | 60f9780e8a59285e6c4d0f6b62747fe8094ce7c0 |
| SHA256 | 76110fb400b7b156f736a0079d7e6d520019cfe0d57579d5dc58a11c75e4bbba |
| SHA512 | 83606948e51dfb32a3127ec13fe1d2197f6dcad70890172b2a6b512fbb0b863707df4bbbe00b7b8f78fa2acc5757f4cea7db2ff552a48eb7be07984258060069 |
memory/4808-5067-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aD09B.bat
| MD5 | dda6ddad11b93676e2171dafef58aabb |
| SHA1 | 6cddd8e29acdb9e68d719d096780a7ac822d25a0 |
| SHA256 | 77ab4961901ea1bc4608e786290043eeb8df4dfc35256cf1b32a9b62f37e891e |
| SHA512 | 88645df93b320d379982d28d2a1da909af59f94460f74b0b72203c879d06af1119ddce43dd28d0fa4de5481c2b2ac1ef0c31196afa799639e712af28092c3cbf |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | add74ce6dee5d73249d839ef54aba234 |
| SHA1 | 3981ab3eb325aa111d1bcfabcf2a0ebebd3f6302 |
| SHA256 | b23e55cf2f722e2ead456932822d94364bc0a9eaa1e8dc8aa2db8571f41f3c84 |
| SHA512 | 362920facdf52796bee60278486043976d04b8c5f946687419cf7659c2eefe80b960e00dcc3f18100187bf6ae0d2d694e652b041543b14bc74865b0bff3c85a9 |
memory/4068-5074-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aD629.bat
| MD5 | 0e86a2013b61d96097a3cf43838a8aa3 |
| SHA1 | 6074339f5243c804ab3c0c9b475cf08199aada1c |
| SHA256 | 49f672aa074315a42f1f01e45baba2065433fc14b4b06eea2f3fde4153fe23a6 |
| SHA512 | c18314d555e1078eb3fcc462dca2d11a5c0fa5827111019d05e506c9d742a212c0067a820bf4f68e72239ef34a537eaa89551c223ffea923f555ff1fc94925a2 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
| MD5 | 333520dababd7a07076b59aa06359e6e |
| SHA1 | 0fc75785a8a2db2d03ff42565037136a2893a61b |
| SHA256 | eddc9d3603ccddebac094607797209c0d01539b08cc40b5decac52c04c467436 |
| SHA512 | 15f8c79b9d7567baf05d50736be96dfcce06a2446d7c6673fcded8329b55456d4f01c6022deb33a0af86048ba6881352ec2959e7623d475d24ac82ff6acbca70 |
memory/436-5081-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aDB88.bat
| MD5 | c7cfaf3b996546ce5477aba2077fb877 |
| SHA1 | 53e74a3cf7486fd5094b6b154699253580374cbc |
| SHA256 | 51140e34ddd8a59a7ec8c7ffd6fe01f99a26456165a827caed00e562f638098e |
| SHA512 | 54a6465a6b2019d2ffb5f624aedd353f1890024cd7bae8b699b6d5dbac8c960017ab742d6ec0ab3b61fc28f539e304799dcb1c5230ba0eb05b7a4d1d8c1d1d74 |
memory/340-5083-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe
| MD5 | 63a700418e878f9f72c434784e83aa9d |
| SHA1 | 98ea0a2241dacb6c6ac348a3984c684569d865cb |
| SHA256 | f553f32d375554e1de4df4e6aab9f51b6c446f901414720e6adddd6b8323dd8b |
| SHA512 | aa83ffa8403986ea244f727c9b080c856c7f43e264637c92fc83934b0620f736509b3dd4c03b3ee164c60fc9a0467d3c3f23ac58546532737ec948604f18cde6 |
memory/2392-5089-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aE0C7.bat
| MD5 | 071e48b2e47596cb00ea0c14bdd51d9b |
| SHA1 | 3417ac1890e897542881e61d0794d736b943e10b |
| SHA256 | c14ddc8a728f12a4f7682636e1da3968a205b549e955d579fe0aff407c815166 |
| SHA512 | 2f6991fc24e5ece93b0c63259e0417f85538bee04704e547b0ff82ab775047c4c7301372eb2bbffd4013b020169ca56f14bb0d0c07fe51c7043e1e4b65d6a346 |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | cd3d561574d7981bcb368f1a26bbb890 |
| SHA1 | f088d488b0d70d952c818d68bf96bbcc03686ba4 |
| SHA256 | 1d6d2aeff4518cc68f7aa1fc5a66bd4ad7b36929e12fe35f0466f99133303c6c |
| SHA512 | dc470afa7c7193d1d145ca8f116fb23d903784854a044973804c701b1f70851c4ec1d034fe68a559bd392072fc3f5197fdef860c82a3d3f22cbdbdb9bc423dee |
memory/6064-5096-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aE51D.bat
| MD5 | dbfb9e06b23e5499b6240bd8f1d74b68 |
| SHA1 | 28575f1b28d7fa620c710754acfb06b3132bdb2f |
| SHA256 | 920cf36697b1d2ab125013293a8fba4a7cca197dde57d66196334a8421ef48f3 |
| SHA512 | afa298cbb7612ee14de6f6d9c435d40dfe53551dfd2f3b4d815ca192d6f05fa06fd312e3d018ee864d7944ea8d0e9d5ae79bab47c33e8a7fa5d57355675a561c |
memory/340-5098-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | 0e73ec0c429f890ecc33de4e2034b056 |
| SHA1 | 9be92d7e8ad0191292f03220b3797eb3bccc50c0 |
| SHA256 | 6d8fb49831006c10b81f958108bece064166251139bf18743f0deca688f1d93c |
| SHA512 | 3559cf39617ea012ed6afc4280a17f6805dfbcaaf4cf784f92614a64123551f7bcf8ee47179661371a1bd708c8606eeccb76cf827a0657f35c9d122a25b70a24 |
memory/4016-5104-0x0000000000400000-0x0000000000445000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aE924.bat
| MD5 | 2b07dcd14286beb650e6a51b32dbd000 |
| SHA1 | 316e9d907e405d6e2d613883339171872aabdd77 |
| SHA256 | 3bc18a08d7b2b6b35bf7f55df4d0afb98231f451cccca18629f8d8b2e9dee005 |
| SHA512 | f51f74a9fad86ab2619e0f7e085a02e38946a6b8a8dba5efc512d0ebf502d6aa3177a7139e3aa28cf825d5585a9534f52e15bfc7540cef02a8ec77411acf126d |
C:\Users\Admin\AppData\Local\Temp\de5a86041cab2ff988aacee71572e4ce65a544bafcf09b58488097aff35e8903.exe.exe
| MD5 | ff2e766ee874a6d2e8b966ab96f8d850 |
| SHA1 | 31f26b0a8fefb5d06d3c31ad31566ad7b206c8ef |
| SHA256 | 48d25caf8e408b825bef6bf5d48aef0d555572feb0e5300da803c2222e1ffa1d |
| SHA512 | 1caa9a340ed5bfc254762b9d04e655e936592433265d7135ac880aadb451fc811fd5430f7f932885c164de559a0d3e7cca2db6d738e9c4e5262556adc8d54e4b |
memory/4472-5111-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4436-5115-0x0000000000400000-0x0000000000445000-memory.dmp
memory/832-5119-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5572-5123-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3724-5127-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5588-5131-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2492-5135-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2748-5139-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1664-5143-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5024-5147-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4428-5151-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2756-5155-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4824-5159-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1604-5163-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5832-5167-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1740-5171-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5600-5175-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5760-5179-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5736-5183-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1508-5187-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4408-5191-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3112-5195-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5740-5199-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3080-5203-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5836-5207-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6008-5211-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2116-5215-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5892-5219-0x0000000000400000-0x0000000000445000-memory.dmp
memory/244-5223-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4796-5227-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2244-5231-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5376-5235-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2488-5239-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1840-5243-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2780-5247-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1952-5251-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2696-5255-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1576-5259-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5652-5263-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4124-5267-0x0000000000400000-0x0000000000445000-memory.dmp
memory/768-5271-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4624-5275-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3324-5279-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1852-5283-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1136-5287-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4556-5292-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5036-5297-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4616-5302-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5940-5307-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2404-5312-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1396-5317-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5868-5322-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2324-5327-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5248-5332-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2032-5337-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1684-5342-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1600-5347-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3228-5352-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5156-5357-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3164-5362-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1356-5367-0x0000000000400000-0x0000000000445000-memory.dmp
memory/996-5372-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3156-5377-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3848-5382-0x0000000000400000-0x0000000000445000-memory.dmp
memory/244-5387-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4084-5392-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4068-5397-0x0000000000400000-0x0000000000445000-memory.dmp
memory/432-5402-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1096-5407-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4304-5412-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1884-5417-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5144-5422-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2388-5427-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1376-5432-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1532-5437-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6056-5442-0x0000000000400000-0x0000000000445000-memory.dmp
memory/940-5447-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5528-5452-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1428-5457-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1136-5462-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3720-5467-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5036-5472-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3900-5477-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5012-5482-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3888-5487-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2484-5492-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5832-5497-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1316-5502-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5780-5507-0x0000000000400000-0x0000000000445000-memory.dmp
memory/464-5512-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1684-5517-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2352-5522-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3916-5527-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4020-5533-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4968-5538-0x0000000000400000-0x0000000000445000-memory.dmp
memory/344-5543-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5460-5548-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2116-5553-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5892-5558-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4104-5563-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3876-5568-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1756-5573-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1892-5578-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3124-5583-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1760-5588-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5020-5593-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1692-5598-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2292-5603-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3968-5608-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1532-5613-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1488-5618-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4624-5623-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3324-5628-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1852-5633-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1568-5638-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1656-5643-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4992-5648-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5684-5653-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4520-5658-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5524-5663-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1560-5668-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2604-5673-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5864-5678-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2912-5683-0x0000000000400000-0x0000000000445000-memory.dmp
memory/8-5688-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5708-5693-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1600-5698-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1608-5703-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3544-5708-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4452-5713-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2420-5718-0x0000000000400000-0x0000000000445000-memory.dmp
memory/108-5723-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5176-5728-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3972-5733-0x0000000000400000-0x0000000000445000-memory.dmp