Analysis Overview
SHA256
61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627
Threat Level: Shows suspicious behavior
The file 61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops startup file
Reads user/profile data of web browsers
Executes dropped EXE
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Program crash
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of WriteProcessMemory
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2025-07-04 18:34
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 18:34
Reported
2025-07-04 18:37
Platform
win10v2004-20250502-en
Max time kernel
149s
Max time network
141s
Signatures
Executes dropped EXE
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Internet Explorer\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\loc\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\pt_PT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\include\win32\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\133.0.6943.60\default_apps\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\server\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E295F3A3-993A-4EA0-9ABE-A1B69525FC35\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\reports\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\fur\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\edge_BITS_4536_397408738\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\fonts\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f4\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\plugin2\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Internet Explorer\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\security\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\amd64\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\edge_BITS_4396_1915477713\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft.NET\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\MsEdgeCrashpad\reports\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Logo1_.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a881C.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8973.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BF4.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8DD8.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8FAD.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a91D0.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9395.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a95E7.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9858.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9AD8.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9D0B.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9FAB.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA1DD.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA400.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA671.bat
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2248 -ip 2248
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA894.bat
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 976
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAAA7.bat
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2248 -ip 2248
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC2E.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAEBE.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB1EB.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB297.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB323.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB3CF.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB46B.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB536.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB5C3.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB68E.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB72A.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB798.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB7E6.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB844.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB8F0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB95D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB9BB.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA57.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAE4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB70.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBBCE.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC1C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC6A.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCA9.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCF7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD64.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBDB2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE00.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE7D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBECC.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF39.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF97.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBFF4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC062.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0B0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0FE.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC16B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC1BA.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC227.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC285.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC2D3.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC321.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC39E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC3FC.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC459.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC4C7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC515.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5A2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5F0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC63E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6AB.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6F9.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC767.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC7C4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC813.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC870.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC8DE.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC92C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC9A9.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC9E7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCA45.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCAB2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB20.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB9D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCC49.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCCA6.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD23.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD72.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCDDF.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE3D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE9A.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCEE9.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCF46.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFA4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFF2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD040.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD0BD.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD12B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD188.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD1D7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD234.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD282.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD2E0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD32E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD38C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD3DA.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD428.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD486.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD4E4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD532.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD59F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD5ED.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD68A.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD6F7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD764.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD793.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD7F1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD84F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8AD.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8EB.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD958.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD9A7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA14.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA52.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAA1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAFE.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB4C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-07-04 18:34
Reported
2025-07-04 18:37
Platform
win11-20250610-en
Max time kernel
150s
Max time network
105s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\co\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Integration\Addons\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-tw\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\edge_feedback\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\MSBuild\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sv-se\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\MEIPreload\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ar\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\zh_TW\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\da-dk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\PdfPreview\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\host\fxr\6.0.27\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\include\win32\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ru-ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Logo1_.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6716.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6830.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a69C6.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B1E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C95.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DDD.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F15.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a705D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a71B5.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a72EE.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7407.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a753F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7668.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77B0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7995.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a79E3.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7B1B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7C44.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7D5E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7E86.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7FBF.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8136.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8194.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a81F1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8240.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a829D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a831A.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8388.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8405.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8453.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a84A1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a84DF.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a857C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8628.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a86D3.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a878F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8889.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a89B2.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8ACB.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8B38.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8B87.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BF4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8C42.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8CCF.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8D1D.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8D7B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8DC9.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8E26.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8EE2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a90C6.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a91C0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a93D4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a948F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a954B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9616.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a96D1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a975E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9829.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9904.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a99BF.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9A4C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9AE8.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9C11.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9CEC.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9D69.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9DB7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9E34.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9EA1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9EFF.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9F7C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9FCA.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA028.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA066.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA0D4.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA18F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA400.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA46E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4BC.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4FA.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA558.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA5D5.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA633.bat
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6A0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6FE.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA76B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA7AA.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA807.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA856.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA8A4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA8F2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA950.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA9AD.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA9EC.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAA3A.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAA78.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAAC7.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAB24.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAB63.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aABB1.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC0F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aACCA.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aADD4.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAE80.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAF2C.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB006.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB0C2.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB16E.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB239.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB2E5.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB3B0.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB769.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB844.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB90F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB99B.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAA5.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAF3.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB51.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB9F.bat
C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC1C.bat
Network
Files
memory/3932-10059-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5344-10224-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2348-10676-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2876-10681-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5432-10686-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6032-10691-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5900-10696-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2628-10701-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3156-10706-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4168-10711-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1276-10716-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3784-10721-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3584-10726-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2568-10731-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6112-10736-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2180-10741-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5840-10746-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3968-10751-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2912-10756-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4520-10761-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4636-10766-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4932-10771-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4688-10776-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3404-10781-0x0000000000400000-0x0000000000445000-memory.dmp
memory/6124-10786-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3392-10791-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5412-10796-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3632-10801-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2416-10806-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5744-10811-0x0000000000400000-0x0000000000445000-memory.dmp
memory/1076-10816-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2540-10821-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3268-10826-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5928-10831-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4452-10836-0x0000000000400000-0x0000000000445000-memory.dmp
memory/2160-10841-0x0000000000400000-0x0000000000445000-memory.dmp
memory/676-10846-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5672-10851-0x0000000000400000-0x0000000000445000-memory.dmp
memory/4812-10856-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5660-10861-0x0000000000400000-0x0000000000445000-memory.dmp
memory/492-10866-0x0000000000400000-0x0000000000445000-memory.dmp
memory/5044-10871-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3740-10872-0x0000000000400000-0x0000000000445000-memory.dmp
memory/3740-10877-0x0000000000400000-0x0000000000445000-memory.dmp