Malware Analysis Report

2025-08-05 14:55

Sample ID 250704-w76kmsxtbt
Target 61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627
SHA256 61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627

Threat Level: Shows suspicious behavior

The file 61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Drops startup file

Reads user/profile data of web browsers

Executes dropped EXE

Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Program crash

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

Runs net.exe

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-04 18:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-04 18:34

Reported

2025-07-04 18:37

Platform

win10v2004-20250502-en

Max time kernel

149s

Max time network

141s

Command Line

C:\Windows\Explorer.EXE

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Internet Explorer\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\loc\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pt_PT\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.60\default_apps\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\E295F3A3-993A-4EA0-9ABE-A1B69525FC35\root\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\reports\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fur\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\edge_BITS_4536_397408738\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f4\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\plugin2\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\amd64\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\edge_BITS_4396_1915477713\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft.NET\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\MsEdgeCrashpad\reports\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File opened for modification C:\Windows\rundl132.exe C:\Windows\Logo1_.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Dll.dll C:\Windows\Logo1_.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 668 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 668 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 668 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 668 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\Logo1_.exe
PID 668 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\Logo1_.exe
PID 668 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\Logo1_.exe
PID 2248 wrote to memory of 5124 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2248 wrote to memory of 5124 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 2248 wrote to memory of 5124 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 5124 wrote to memory of 5900 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5124 wrote to memory of 5900 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5124 wrote to memory of 5900 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 3308 wrote to memory of 3024 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3308 wrote to memory of 3024 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3308 wrote to memory of 3024 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3024 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3024 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3024 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3616 wrote to memory of 3612 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3616 wrote to memory of 3612 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3616 wrote to memory of 3612 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3612 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3612 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3612 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 368 wrote to memory of 2848 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 368 wrote to memory of 2848 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 368 wrote to memory of 2848 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2848 wrote to memory of 5876 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2848 wrote to memory of 5876 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2848 wrote to memory of 5876 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 3544 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 2248 wrote to memory of 3544 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 5876 wrote to memory of 1268 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5876 wrote to memory of 1268 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5876 wrote to memory of 1268 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 1268 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 1268 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 1268 wrote to memory of 1496 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 1496 wrote to memory of 3760 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 1496 wrote to memory of 3760 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 1496 wrote to memory of 3760 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3760 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3760 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3760 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4488 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4488 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4488 wrote to memory of 4636 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4636 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4636 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4636 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4624 wrote to memory of 3768 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4624 wrote to memory of 3768 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4624 wrote to memory of 3768 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3768 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3768 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3768 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4400 wrote to memory of 4516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4400 wrote to memory of 4516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4400 wrote to memory of 4516 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4516 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4516 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4516 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2680 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2680 wrote to memory of 4740 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a881C.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8973.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BF4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8DD8.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8FAD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a91D0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9395.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a95E7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9858.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9AD8.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9D0B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9FAB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA1DD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA400.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA671.bat

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2248 -ip 2248

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA894.bat

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 976

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAAA7.bat

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2248 -ip 2248

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 976

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC2E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAEBE.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB1EB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB297.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB323.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB3CF.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB46B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB536.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB5C3.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB68E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB72A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB798.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB7E6.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB844.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB8F0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB95D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB9BB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBA57.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAE4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB70.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBBCE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC1C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC6A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCA9.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCF7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD64.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBDB2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE00.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE7D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBECC.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF39.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF97.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBFF4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC062.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0B0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0FE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC16B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC1BA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC227.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC285.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC2D3.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC321.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC39E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC3FC.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC459.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC4C7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC515.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5A2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5F0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC63E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6AB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6F9.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC767.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC7C4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC813.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC870.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC8DE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC92C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC9A9.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC9E7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCA45.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCAB2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB20.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCB9D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCC49.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCCA6.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD23.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCD72.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCDDF.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE3D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCE9A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCEE9.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCF46.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFA4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFF2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD040.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD0BD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD12B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD188.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD1D7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD234.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD282.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD2E0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD32E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD38C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD3DA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD428.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD486.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD4E4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD532.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD59F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD5ED.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD68A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD6F7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD764.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD793.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD7F1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD84F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8AD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD8EB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD958.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD9A7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA14.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDA52.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAA1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDAFE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB4C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDB9B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDBF8.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDC56.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDCB4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD12.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDD6F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDDCD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE1B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDE79.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDED7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF34.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDF83.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aDFF0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE02E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE07D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE0EA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE138.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE186.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE1E4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE232.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE290.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE2CE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE32C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE399.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE3E8.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE445.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE4B3.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE501.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE56E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE5CC.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aE61A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

memory/668-0-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Windows\Logo1_.exe

MD5 4f07b7c07db3deeaef154a2f2c9646b0
SHA1 6ada698575fd2ce3b8041f85d04dad5bd846a03f
SHA256 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c
SHA512 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90

memory/2248-8-0x0000000000400000-0x0000000000445000-memory.dmp

memory/668-11-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a881C.bat

MD5 55a31e5c4c749c5871739444e73a5982
SHA1 361af3bb038bfee56df8809a3c4879c874015429
SHA256 0b493f44aa2306a4546adbaa5d74f0e9d43a66f5bd072330a977195f34f47e90
SHA512 97ee40c10360e35f07e70b31634e30a21bbbc29dddebd066abd789eccb914f8b8a937c287e8b6e2d625052e4a962284260c4eea4a5cf37d95f77749c316985e9

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 7951dd28074c9675bcd4eb608b6061c6
SHA1 f8f7201750ed66227e97ab2338e8acd8860089a9
SHA256 ba58c4a3b1b489f41840dd04aadbf94547c6ba6fd64872df654ddcd3fd5152f7
SHA512 69b445e69ec278c1dc48bc16bab5a3b0260b1841b3378d548e330b3d245635970ca795a93758831ec87e03fbbfebddb277d8206359dfcd9b42f08442b326e96e

memory/3024-20-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a8973.bat

MD5 f5d670422807815442f8db3761476002
SHA1 22b7f7212435f17d1613a8d47b766d04c7a2862a
SHA256 b7c3fe4d59c277ef7b9cb4ee4771b5d205d4519b71fab7114b298a16a855feb8
SHA512 62cbd73e3d6ed96eff08905435f0c4e6a5cad0e0fc7535bd6a615c1e7c14a4c1384136a1145a53e3ff328deb7ecde08a3557cf70a7a8b2fc98c444083c4072f9

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 d9d642efed3da47cbfa72ac51901d2b7
SHA1 e1adfc2f0f862f756756384b7959fb213cf8eb27
SHA256 6fd24c7e1c82062aa995f2046ef0b513c4a6bf65879cc6f13a76a5812c535c9c
SHA512 fd7bbe8fbcbf00ffb85bab4565a2d5f9b3dbfcd5db0ea323755420ad9d514e661dd6138d9a7925cb2dc9d54b26b0509da9216409b0d3afca5bbd40a6332c4316

memory/3612-27-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a8BF4.bat

MD5 7a3e343490b5123a2a5f29108eb91e94
SHA1 6a8e64e1132c4aeaf8377bcd302b26830e8eb3c6
SHA256 c1cd74d430316409a508ef91cebea0c081606ca7086d1647ef057253ca428e74
SHA512 ba3011c94601d644d62e6382858a6b7682fc8ddd9edb70c2c3a72c217043eb7a76b7f3aac5bf16f57689de97c13246dbf491c6c747811a129c28b64477d2776a

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 53142b889c736ebe73da2f3bee4804ed
SHA1 eddbabf8695c88547162db1b2994f8036cdc5d20
SHA256 4afbedd7140a05726cb268b44f293dc8254b86aafa1481642572f1edf7b2d620
SHA512 29a743cbf1297ab17646d2dc8e838a6bdb4416b0918ed734fc5d7e2e4daebc8ce012b0b58d1c50f0a943ed42417326e691f68269412d773e5a19ed4f217da14e

memory/2848-33-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2848-37-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a8DD8.bat

MD5 0db4ae96d341296dd18f32b8b2098358
SHA1 a3b05706179a88005c2ea15793ad407480869333
SHA256 f27680209969e88da5eab7170efe34a8c10de6b3c7697a62be1cc5eae606f080
SHA512 486ba205ae39cfb381d366ea5a28b78d07d9ac8546511897bfadaf4382a2e1d87664962724613263502778f7a4cc25281b62a291f1e07c1a06524415cb759ffb

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 29b7f2a0a43fae2bdb32d58fd90fb4bc
SHA1 d9d3b3d03293ba694927549d107b41001a9295fc
SHA256 96265f9ed2752aa335cbce767316a2e10f0b9beb4fb4b389a419d661c0d61735
SHA512 0bb09caf889830721e11ef4dcab8d3e42b3151ac09f93e15e547d67aeb9cef5ccd194a16006abcd912d6fd1d04114cbea26eb76c8abfde7a8ba57e5d118ec7ee

memory/1268-45-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a8FAD.bat

MD5 0a886e4ec983400be97047451432b07a
SHA1 48d4dde18736635adfb85c0759644af08c808e38
SHA256 c5f9a452cb656e86caa514f9b517602cf3af769a5f17d73af3ce0593ab0d22d7
SHA512 23ae08b2b2d95bb9dbf1f1021fa0c47660d0b26aeb464cb3af59ee1237d84a52029119c1dc998d05793ab43e678699640f6bee45a7feace3f4837786002a23eb

F:\$RECYCLE.BIN\S-1-5-21-1153236273-2212388449-1493869963-1000\_desktop.ini

MD5 6ef23bccadc81fb82d7eeecab7166eed
SHA1 379fb55375f791483209d02402c6c359fe6afc12
SHA256 da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a
SHA512 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 3e4c23f8b3489eda94fdc5019503eeed
SHA1 bc65653871578b00d4d17d97852f30f8f8f036a4
SHA256 79cf21926dece873351cca1b8c6b999c60f01054e261827c99e11e4cd087bea6
SHA512 6e981a01b3b768222e6fca332066adbc0eea599c76a2914b504ff7f7109ed1832d30cbd9fd3ae8663448b5540897052c9217587b8b2d0f28f765b82c7ec3d744

memory/3760-58-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a91D0.bat

MD5 9873aecaa7daa9212754d45253f74183
SHA1 326fdd90e1090682aa7b54c2603e54a85ca9b02d
SHA256 b0675913e754fa9f262015472395d8766be69aafa114763a20fb3d01a171710f
SHA512 d1ffe69607970acd3f6f9eea7e36a5588738ed0f8b2c05112238cafbc828b5d3fb4d4d7d03f79c0aa9516e04ba274bab453a76f683d9eba154dbfda375df5fd0

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 4a228b3c9fd3833432d84be7c8d9708b
SHA1 d67aa32fc76bc132d430d95d20dd32e098b6cda2
SHA256 8e711df4ee51a8b93c8cdf6d07b41ec801720926eb31a324900801df9a6afea5
SHA512 c6d2da12d3b5040bc15981324ec06c994d336cb7844e2aef6f75b359ef3a37e42cbfe837cb286c4881a85560056d4ce53b14522883ca774f8b1245786ea11838

memory/4636-65-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a9395.bat

MD5 c61be2695d696d668b62d2b03332e70b
SHA1 656f6060cb65ba24a64090dcc1a73782e10edbda
SHA256 4740c66efb681f553b9d563236dee85c114ba0884ded09c5205bdbbbc1dbe80d
SHA512 0465449aa55aa7d9b4fbff0262c279ce4ae712fd95e2fd95f2e82a6508d75eab941d526ec87ae611f6c522f0ab1ae265dc013caf8b82dc30df3f107d7ce89634

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 8e6bb4d85bad395af83d0c61b925f971
SHA1 6475cd7e7b34fa04ecc500b421981fe1ff617438
SHA256 76a44ab1acb74988c4f364e4a9532468ad3e8bbf23c7657e0821a6692fb27505
SHA512 b82a96ac68b575f3b996c60ce54de56951edd927af8ed0229921886edef066d522b1b3d4a203bba653e80388dee4d6afdbf98ce21fad5004572c73bbd31ff6d5

memory/3768-76-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a95E7.bat

MD5 1f78053f735966b28261dba18d171ae9
SHA1 d21b8618003ffe579716964a0ef8bb05f566491f
SHA256 72c5e1bd3caef972124e59bc9388a60b8c13f0c4eb609bd4c9c6367cbc33435c
SHA512 f3a3816f4548e0f00f1d83290e013c63525e2106c36a46cacbfa5640f758ed5a037e66a298075a1a1e55491e9ee6e6e765109262f3eb90c65f9949393d386dce

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 79ba5757247519e0b52e7dcf48984c95
SHA1 bed7028788c0396b2c55d82763c14cc188f56681
SHA256 d959918b5d84f091d39312b7d4ea3a1bb54b5dc1afa874fe75ed90bf8f3d7289
SHA512 595fb159ac57b63486cd8699f1942419f01208eb693f815ad88e29a589674bace036bfa12930436cad7865f2fa529e4b3299ddc77c1d8c4a8350aa258d1644cf

memory/4516-85-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a9858.bat

MD5 f5eceb663b34b87e97a3db16d0f0cca9
SHA1 8c29477f2258f253bd7f4784d74b15647b56ae44
SHA256 a578b73b5682289246dff3133a6c54207b683a58e8b4886dd3fd1579c693307e
SHA512 8598a50acb90907f3e650af07c99b0a0c57377fc25b4a7805143de6be2f90e8bf6b7a14340d3a9b7afbeb01245a1dcc511b198427d68bd15e947d6f239b6bc86

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 5e7a70498f1b3bd901a740584325e35b
SHA1 ace00cf12e896d6e9028c828652c03885a4f4891
SHA256 4c03d544593461b8ad204ada444c20adf5c5f992c9b23ae914d9013daf6d3d97
SHA512 4fd38764f82ae6565d756cfddfc5e205aeb96f2fca5b05bf135b5720911a393a207a6f390fa79a0ee6dbb585aa5cb0548776d853581d48cd4ec44f7549f184e6

memory/4740-92-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a9AD8.bat

MD5 c83446b6ef05f8a9e37d0aa53ab70ca7
SHA1 6ad47b06b2c40e07cb8046641668fd5d27ff226e
SHA256 41bd5b3a5ca5ac52bc73301ee7dd8c745349126491dad2f250a96eb428fbf98e
SHA512 a8e6dff7369c43f10c8b4065a6dbf3e9dacb2c1338935716f104bcb81007d2672578aef854c98e5a67fe665429733a9cc412219eaba0df71c0fc22307dffd142

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 0458bec09b32103121c7c90d6edf8f8f
SHA1 301b79f3b028343f4bb28b1099dfe1d291be8594
SHA256 59a0cd42318df066d1380aa2ca31e25cc287d64c950cf44e01bdbb871e21287c
SHA512 a93f2aac660fffb39a2f7769c2c882d1733b901a4bd20e5dc2b077cf8c60af5ae805ee547c0415e0830205690ddb9771cfbad409d5b269b646574af031c42231

memory/2248-98-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4796-102-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a9D0B.bat

MD5 31ed7b3b8159c978789e0e98cbb0af44
SHA1 004383969d2fa1a0283a79eb018b88e9e25f7637
SHA256 a1bc4d5f8556090fdcbef9870dfb18455f23579abd1de4a53b66dde83e383f53
SHA512 9c4e13b9175fd0774d1cb929b58be79ccc63fd29e5126e14e94e6ffe3f7a1346a7d252eac60a690bcf8ea93553081124ff0ac4dc416443dacc30c37b682cff24

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 f35e9166b61bab6d2d3c4d7fd57707f1
SHA1 c12d339f1fa6212be6ac551367e2831449d15675
SHA256 81f1a79833b76392b2e2002dbf1a930c0efed43f251d3a0d0af1edd85204fa75
SHA512 841f6634b453bb47ca01ac8fe8a91a20e3a02e8229dbedaebc5e3edef9c14e5aad29219a8a4a17be0916e7b7cf79ff01026cbdefc7e893503b654f3f37aeea84

memory/1384-109-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a9FAB.bat

MD5 bc4ae7164f8b526a6484bfe6b733ed82
SHA1 eae312297f56780dee699c4878f2c70cf0b03456
SHA256 628bb865f5e5f90edb005353d0ab8269cdafa57c0c1768e5c07c6b460984ebb8
SHA512 674933aebeb330f5e2b1f2bb4ef6db4f89442ef353fb1194fc37a3f3f930610754e52935b4bbe4f9ae88a56cab84f5e6ab00328fbfaf177faaeb82ed05e0bc92

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 af544ba04af764209fc63fde6b71e503
SHA1 36a3c328bbb8aab0dc0402be1908087b527fbcee
SHA256 3f32769e8b5ec379933950125b26a5aef1897129360c9e6d1e3f8b6459a2873b
SHA512 243756278c4a763de27af8c64d7d1e13cd53595230d5aa75e82fc80512829e53aaef731e8f2c29a4e99f05f721ab6efb14f4db9bf6c74c0f1e10b28bdd920f2a

memory/3396-118-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aA1DD.bat

MD5 1e7ad5fdb25a8ef5ff3be69823b13053
SHA1 bd6ac21e0d31bcdca49f22a559c837bfaeed9645
SHA256 abb2f8a75a57859833373d9b445eefa988d70db14ff152671d5020e0ea4f926b
SHA512 08111d3d1a69c05e99a222b2606091c3e3c69a57d8a6a56369353205bc65ec5b53fb141fee672058b45fccbec26368c0031b2da4be081e3d6aca880ffc56360c

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 a73290887d27b9b60bb6f81df57562e5
SHA1 a92febb402310ca394f0b039e3fb60d6f68483cf
SHA256 89032efe3db5daa15fee68f5922fc751bea66db71a4be5b18aa16f20e163e0bc
SHA512 41e8827088dbe8ad904cafed2b8c1ab82873152835f9569f3b2277a961311c06377d68d6c827984533e11a273f10f51bafdc19d47ad08645fa8d9053daf2e0de

memory/2588-125-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aA400.bat

MD5 17e67f7610131a8765d97b98686a95ba
SHA1 86c2693136b83d0267a8c490018b2a0b9f049365
SHA256 2e0e61a138c2da2d07ccf589f054cae3c22537ca0df54912b9668403ff8ba7f3
SHA512 d2718e0886463b6baa101d31f96e0edf8b605944619d2d7f4d45770faa451b7fbeeb8928b9afdafc3e808d4f6b0c2e505261be322d628df2f4cfb6956d5ba9cf

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 8919744c338c6020603f8303d9bcde70
SHA1 a69cc73418ce0317fe40818148d687fefe263b11
SHA256 4fd040a1867a59850471ef79a1e5e138305ba5685beb50c9d7eb2687a07d6364
SHA512 242c5b80760f30d1b4a6105ce9848e8241d23a0b82ab6b57700c6cb3217df7b490143e0621e6466a7748d28fe9f0f2cc39bb47dfa017b647e950e245d222ed49

memory/4920-838-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aA671.bat

MD5 f3556c5b2c4ab3496e1c5934b182f352
SHA1 0b6393d171658e09af953ed2666379418a77a8b8
SHA256 17b621a242d6ae9e2e0ebb47f9ce7ffb3ef355c6b4e83865ae010783643da71e
SHA512 9b70334886860d0641064b74da2379981bd9658e0e6a229ea408913592b97f248cce0a3b56da78d72c6b71187710e0925a43e68e93f9a41aed2ec079c791c5fd

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 a020fdeb1d6175a1cf4f495394b0b94c
SHA1 f11c00afbe483d3ca4b7908cd6834ef10e842370
SHA256 87d8c2ae0be2556c279900b62051d2c1402bd8abf0a2672ac442e8e182401be8
SHA512 9cbf0c13c647945e3efb16d79e2d3e0796915a5d676d0714f9306860820d15ff08fd96d7ce2debf9c0a57490b4c93c229109957cb591f45d522197025c440b31

memory/5012-1639-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aA894.bat

MD5 13586b4ffc9c2e69a3bbc764e43e99a8
SHA1 56cd6e4856515fbfd5aa5f6841c3ae46d668b0ca
SHA256 62f393758b1e533736a0f2abc56536e1e52bf563bbf12ac24035a356472dd1c0
SHA512 58c375e7485484c952294f84af369f8747734acbee7b2d940b54240bed6642d0c20039df38a91ebe2aaddce6dcf27532c255fef26101f2a139bed8301da183c2

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 c27948888438046626509961611af3fd
SHA1 f67014fe7b410ea7042f1576075b92632458cd13
SHA256 e84597d6eea39db1ee7cf1043b7636f1922e95f726b4f616879ee1c239535cde
SHA512 efe5fee6df8d9ac8b681a7cc74f4c205604cc96ecf16127254c950f1a6d0135a8dc3ea4d5dafbb9d051a85e852fa3d6d7de203ff65242e54d0f6863d7e802fb7

memory/3900-1646-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aAAA7.bat

MD5 28be0ea017f9c2bf770c3e37f59df0a7
SHA1 fb64e5b920ab94ffde156ebf2cfb456f4d5d62da
SHA256 338b80d128f7449f8ecee3ef3d2eccff577b67d98d8907b70500ddd1da295c33
SHA512 5e66d29d354feb40ca6b4ffa844404dea876114a18209bac251c10ad2f1e4de91e7159c6927fb984502ac0f343f91abe4f342f9e65b80d438650d71fc81176db

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 46680b6766e5e53499f4bda441cc5ffe
SHA1 5422c571d3cba03c5cba6be09b9187cbeea09c7d
SHA256 89658870a62883512511d5f596ba13317389de133909cabfa9b47ce4fc172433
SHA512 502a25fd4c76b9496592ad7f32bc8f787fd77e980263d04af6ff8c0a57e874381e12a9ae8dfef97f5481cdabd396298c13cd72c3026e8a799eb0d0761d36f146

memory/1848-1653-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aAC2E.bat

MD5 06888f25c4f1bd6c6b00269cf17e060c
SHA1 e2602d40276ed25bd4d44baa71aae4138a11a159
SHA256 31ac8d4d4caecaa90faa1dbd46f774bdd0ba2cfa0e4c2fef6919eced2d29bac8
SHA512 b00f63f933925f29c66d1082d87fab205a4f7ec36c627de1406840ae7fd420fe5cc1f5376f91c3b31f1f38d73b60379e683885efc3d9f6a0fa78dee5dc1d139c

memory/2248-1654-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 85a2f15180ba32291fa04a10cc9c26dc
SHA1 89dec3e9f0f2c806880fe5d855d337366e28ff72
SHA256 d3316e7693846ddc25d7fe433a69a877f806fa218d6fbe47054b384446edcd79
SHA512 ab24e48af3526fb9c18a1bfc214e17692e9dde44507812dff582b04ef0aa0924ea4d33c68d8926f8e0707a2b153baf8b07878eaa5c183813a9901367b4e15790

memory/3748-1666-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3228-1667-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$aAEBE.bat

MD5 56f780ad006a16376fa4f1a89fca3a8e
SHA1 8b0b097e7c2db0ff40282f9cff7beafa290c9920
SHA256 274f7d13f66083d4dbe91242e4fa0e0a3ea6af87611ee484471b8c69fb3fd975
SHA512 fd8aacff1a1a3da5dba2fc549a223fc3c475af2f84e989ff9becb8fc02a31ce214a9541049d002bc7d7579079e422269fef74b437a431b08cd0b183a909fc436

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 f2f8f18413fb83a9f083e6e428f8cbf9
SHA1 ca2cee4c0df1cc74fc362cc1713871c00106c61f
SHA256 0797b5cea8d82c6a33af5343b1c4305228ce47b84e67d9e988cc57e3fcb6fc50
SHA512 e298bd4462f920affcfbd7644393e8501f21b4e0d3372c35dd1e1fec552c5db91deb05022153360ffacd5de64adc8ffd7eb14ce51af766d7bf540fa558f56741

memory/5000-1676-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1864-1680-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2332-1684-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4976-1688-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3340-1692-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3328-1696-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1528-1700-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1544-1705-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2904-1709-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3748-1710-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5280-1714-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1744-1718-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6136-1722-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2316-1726-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2628-1730-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4512-1734-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2148-1739-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4516-1743-0x0000000000400000-0x0000000000445000-memory.dmp

memory/980-1747-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1716-1751-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4860-1755-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5428-1759-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4916-1763-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1624-1767-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2908-1771-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6052-1775-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2472-1779-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3224-1783-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3644-1787-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5332-1791-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5420-1795-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2256-1799-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2384-1803-0x0000000000400000-0x0000000000445000-memory.dmp

memory/376-1807-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6064-1811-0x0000000000400000-0x0000000000445000-memory.dmp

memory/432-1815-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5736-1819-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4228-1823-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5888-1827-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2556-1831-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1248-1835-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6060-1839-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4348-1843-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3608-1847-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4164-1851-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4064-1855-0x0000000000400000-0x0000000000445000-memory.dmp

memory/212-1859-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3616-1864-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5376-1869-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2260-1874-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4012-1879-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5028-1884-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4676-1889-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3256-1894-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4828-1899-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3848-1904-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4416-1909-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1384-1914-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2204-1919-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3500-1924-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4252-1929-0x0000000000400000-0x0000000000445000-memory.dmp

memory/764-1934-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3584-1939-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5368-1944-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4132-1949-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2456-1954-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3296-1959-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5200-1964-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5592-1969-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3312-1974-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5632-1979-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3604-1984-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3960-1989-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5888-1994-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4040-1999-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4000-2004-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1492-2009-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1344-2014-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5668-2019-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3744-2024-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1880-2029-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1872-2034-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4720-2039-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4788-2044-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3760-2049-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3756-2054-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4784-2059-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5784-2064-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2236-2069-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3464-2074-0x0000000000400000-0x0000000000445000-memory.dmp

memory/952-2079-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3576-2085-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1292-2090-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2816-2095-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1956-2100-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2252-2105-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2144-2110-0x0000000000400000-0x0000000000445000-memory.dmp

memory/612-2115-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2560-2120-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5296-2125-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2944-2130-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5488-2135-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3664-2140-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2548-2145-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3604-2150-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4100-2155-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2704-2160-0x0000000000400000-0x0000000000445000-memory.dmp

memory/228-2165-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1248-2170-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1712-2175-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2904-2180-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1780-2185-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4564-2190-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5856-2195-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4484-2200-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4500-2205-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4520-2210-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4488-2215-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2068-2220-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4756-2225-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4760-2230-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4728-2235-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4916-2240-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3564-2245-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1292-2250-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3508-2255-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3584-2260-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2132-2265-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4316-2270-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3396-2275-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2508-2280-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3512-2285-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1432-2290-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1960-2295-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4292-2300-0x0000000000400000-0x0000000000445000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-04 18:34

Reported

2025-07-04 18:37

Platform

win11-20250610-en

Max time kernel

150s

Max time network

105s

Command Line

C:\Windows\Explorer.EXE

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini C:\Windows\Logo1_.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\X: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\R: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Q: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\P: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\L: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\I: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\W: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\V: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\U: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\N: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\M: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\K: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\J: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\H: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\Y: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\T: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\O: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\G: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\S: C:\Windows\Logo1_.exe N/A
File opened (read-only) \??\E: C:\Windows\Logo1_.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\co\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\Addons\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\cs-cz\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-tw\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\edge_feedback\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\MSBuild\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Defender\en-US\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\eu-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sv-se\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\MEIPreload\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ar\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\Microsoft Office\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zh_TW\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\it\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\da-dk\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\PdfPreview\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\dotnet\host\fxr\6.0.27\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\include\win32\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ru\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ru-ru\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\_desktop.ini C:\Windows\Logo1_.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\_desktop.ini C:\Windows\Logo1_.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\ResiliencyLinks\identity_proxy\_desktop.ini C:\Windows\Logo1_.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Dll.dll C:\Windows\Logo1_.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
File created C:\Windows\Logo1_.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Logo1_.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A
N/A N/A C:\Windows\Logo1_.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1796 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 1796 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 1796 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 1796 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\Logo1_.exe
PID 1796 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\Logo1_.exe
PID 1796 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\Logo1_.exe
PID 3596 wrote to memory of 5748 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 3596 wrote to memory of 5748 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 3596 wrote to memory of 5748 N/A C:\Windows\Logo1_.exe C:\Windows\SysWOW64\net.exe
PID 5748 wrote to memory of 1988 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5748 wrote to memory of 1988 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5748 wrote to memory of 1988 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 4812 wrote to memory of 6036 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4812 wrote to memory of 6036 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4812 wrote to memory of 6036 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 6036 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 6036 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 6036 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2992 wrote to memory of 5808 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2992 wrote to memory of 5808 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2992 wrote to memory of 5808 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5808 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5808 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5808 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2400 wrote to memory of 5576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2400 wrote to memory of 5576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2400 wrote to memory of 5576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5576 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5576 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5576 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2688 wrote to memory of 4960 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2688 wrote to memory of 4960 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2688 wrote to memory of 4960 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4960 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4960 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4960 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3596 wrote to memory of 3316 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 3596 wrote to memory of 3316 N/A C:\Windows\Logo1_.exe C:\Windows\Explorer.EXE
PID 5000 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5000 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5000 wrote to memory of 2348 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 2348 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2348 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 2348 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5064 wrote to memory of 4204 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5064 wrote to memory of 4204 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5064 wrote to memory of 4204 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4204 wrote to memory of 5332 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4204 wrote to memory of 5332 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4204 wrote to memory of 5332 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5332 wrote to memory of 4852 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5332 wrote to memory of 4852 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5332 wrote to memory of 4852 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4852 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4852 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4852 wrote to memory of 3544 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 3544 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3544 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 3544 wrote to memory of 4080 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 4080 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4080 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 4080 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe C:\Windows\SysWOW64\cmd.exe
PID 5056 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe
PID 5056 wrote to memory of 2008 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6716.bat

C:\Windows\Logo1_.exe

C:\Windows\Logo1_.exe

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6830.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a69C6.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B1E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6C95.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6DDD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6F15.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a705D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a71B5.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a72EE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7407.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a753F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7668.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a77B0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7995.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a79E3.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7B1B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7C44.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7D5E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7E86.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7FBF.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8136.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8194.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a81F1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8240.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a829D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a831A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8388.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8405.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8453.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a84A1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a84DF.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a857C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8628.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a86D3.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a878F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8889.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a89B2.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8ACB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8B38.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8B87.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8BF4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8C42.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8CCF.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8D1D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8D7B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8DC9.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8E26.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8EE2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a90C6.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a91C0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a93D4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a948F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a954B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9616.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a96D1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a975E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9829.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9904.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a99BF.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9A4C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9AE8.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9C11.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9CEC.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9D69.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9DB7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9E34.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9EA1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9EFF.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9F7C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9FCA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA028.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA066.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA0D4.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA18F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA400.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA46E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4BC.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA4FA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA558.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA5D5.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA633.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6A0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA6FE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA76B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA7AA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA807.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA856.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA8A4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA8F2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA950.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA9AD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aA9EC.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAA3A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAA78.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAAC7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAB24.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAB63.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aABB1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAC0F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aACCA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aADD4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAE80.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAF2C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB006.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB0C2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB16E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB239.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB2E5.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB3B0.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB769.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB844.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB90F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB99B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAA5.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBAF3.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB51.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBB9F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC1C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBC6A.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBCB8.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBD55.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBDC2.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE2F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBE9D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBEEB.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF39.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBF87.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aBFF4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC052.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC091.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0EE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC15C.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC1BA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC208.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC256.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC2B4.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC302.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC36F.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC3CD.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC41B.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC469.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC4B7.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC534.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC573.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC5C1.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC62E.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC66D.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC6CA.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC719.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC786.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC7F3.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC832.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC870.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC8CE.bat

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe

"C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe"

Network

Files

memory/1796-0-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Windows\Logo1_.exe

MD5 4f07b7c07db3deeaef154a2f2c9646b0
SHA1 6ada698575fd2ce3b8041f85d04dad5bd846a03f
SHA256 5c6ca16525876afba9f88ae6809b550793501ed5c5a73b8a800d4029ff92c98c
SHA512 35d71140bddbe016fe55a1e9328b3d284b3c9d5ebe9225b062b994bff4c70555fdf81378a299ab70f1c4d37b60a18a5f8a411e63fe4562299863bb1378616a90

memory/3596-8-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1796-10-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a6716.bat

MD5 cb148c5a53995165f1760430b5b0d825
SHA1 71e61f9bba09b32627fdaf469911d56fc2ab2bbb
SHA256 902b678fcc30fb97fc47ea2f65526dcf32242ba7ab6e55a8c95bd4844bf467da
SHA512 059f4835ccd417b855b6c57355526bdcef28e9a7e405871327d32f704b907d3b907cede48fe4ba2cb93f6469e61d72cfb99b41a77b0f02e90038838a68c23316

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 7951dd28074c9675bcd4eb608b6061c6
SHA1 f8f7201750ed66227e97ab2338e8acd8860089a9
SHA256 ba58c4a3b1b489f41840dd04aadbf94547c6ba6fd64872df654ddcd3fd5152f7
SHA512 69b445e69ec278c1dc48bc16bab5a3b0260b1841b3378d548e330b3d245635970ca795a93758831ec87e03fbbfebddb277d8206359dfcd9b42f08442b326e96e

C:\Users\Admin\AppData\Local\Temp\$$a6830.bat

MD5 dc1331d2af061e78751c2f1becb8a4ff
SHA1 ec1951e2c23ccc8c637dd00d2ff51550c78b2f31
SHA256 56d7cfe48e7ddd4340896f24060b084af4cd68fe94c833e9d16bf3e080253281
SHA512 4a5806b71401f724cad28af9fd64c6e54c5b5b9f81913623bb7cd23d95d72dc17f63cd6c5e05b6f26c766a447080891d6bee36c44fbe30384b97ad83d8e1f837

memory/6036-20-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 d9d642efed3da47cbfa72ac51901d2b7
SHA1 e1adfc2f0f862f756756384b7959fb213cf8eb27
SHA256 6fd24c7e1c82062aa995f2046ef0b513c4a6bf65879cc6f13a76a5812c535c9c
SHA512 fd7bbe8fbcbf00ffb85bab4565a2d5f9b3dbfcd5db0ea323755420ad9d514e661dd6138d9a7925cb2dc9d54b26b0509da9216409b0d3afca5bbd40a6332c4316

memory/5808-27-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a69C6.bat

MD5 ec5bab1da627fefe537ede44556bfabf
SHA1 c4f667fc8d63cd7031a91219d3e4835a1c873814
SHA256 6e0144cdeeea4e25137b84e96fdeba29971112cf68ec7f29e02516fc365364e0
SHA512 8cff32afebc08ffbcfdec5b4681a0c1389beb64ccb047b8e42aa1ded70ba8120b4bc1f1b0fb236d32d9c2e86d3d0d815948348f402cb2c164144572fb8617c3d

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 53142b889c736ebe73da2f3bee4804ed
SHA1 eddbabf8695c88547162db1b2994f8036cdc5d20
SHA256 4afbedd7140a05726cb268b44f293dc8254b86aafa1481642572f1edf7b2d620
SHA512 29a743cbf1297ab17646d2dc8e838a6bdb4416b0918ed734fc5d7e2e4daebc8ce012b0b58d1c50f0a943ed42417326e691f68269412d773e5a19ed4f217da14e

C:\Users\Admin\AppData\Local\Temp\$$a6B1E.bat

MD5 ad0f4c7fa875697618b6d11662dd4da1
SHA1 6c224c264071c802f55e61c9855d4a30d5bd9b9e
SHA256 543b54b7e575d9a629a52a31c7a028d052fb64ad692d79fccd4c9ebd99773302
SHA512 7c1f4c03bdcb47796a95b40754df9be0ac1b8838e44b13905f145b2f3846c380b0265de5301645f36433bd3a3ba523d50aa4201184966996e4d3ef551a8054f5

memory/5576-34-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 29b7f2a0a43fae2bdb32d58fd90fb4bc
SHA1 d9d3b3d03293ba694927549d107b41001a9295fc
SHA256 96265f9ed2752aa335cbce767316a2e10f0b9beb4fb4b389a419d661c0d61735
SHA512 0bb09caf889830721e11ef4dcab8d3e42b3151ac09f93e15e547d67aeb9cef5ccd194a16006abcd912d6fd1d04114cbea26eb76c8abfde7a8ba57e5d118ec7ee

C:\Users\Admin\AppData\Local\Temp\$$a6C95.bat

MD5 470c6a47f5440c2ec45485e434865622
SHA1 a18a2bf46fc4580e75870b373aaadc268eb2677e
SHA256 d95cb2bdeb56e8cb499bd6bfe742b1b0834b7fb6a4bc6d2ca18039e93e2c68e4
SHA512 7144b62b01a44832719a23c21b1a35fcaa21e03e87d2ba255aa0b05ac0d84e84e11b34721c6d10c29dc5ee9b97e336c6a1857fcb759f10b23f16fe5fd28289b7

memory/4960-43-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 3e4c23f8b3489eda94fdc5019503eeed
SHA1 bc65653871578b00d4d17d97852f30f8f8f036a4
SHA256 79cf21926dece873351cca1b8c6b999c60f01054e261827c99e11e4cd087bea6
SHA512 6e981a01b3b768222e6fca332066adbc0eea599c76a2914b504ff7f7109ed1832d30cbd9fd3ae8663448b5540897052c9217587b8b2d0f28f765b82c7ec3d744

C:\Users\Admin\AppData\Local\Temp\$$a6DDD.bat

MD5 e46bf61fa67617eec67bb7999da2cb85
SHA1 d154131a19063fc9155a7872ab969fc7c259de88
SHA256 988054dd51bfeee5f52cc876f7d907aef25bd390a35310cb74b1bb826558e246
SHA512 3734c03ed24e3af5319722cbc811970f5bc4517a61ceedfbf26a3d6f5331b7f5ccddee045ac1d06d131349f7a018f780c8c8be044d5cf908483108851ddbfa68

memory/2348-51-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 4a228b3c9fd3833432d84be7c8d9708b
SHA1 d67aa32fc76bc132d430d95d20dd32e098b6cda2
SHA256 8e711df4ee51a8b93c8cdf6d07b41ec801720926eb31a324900801df9a6afea5
SHA512 c6d2da12d3b5040bc15981324ec06c994d336cb7844e2aef6f75b359ef3a37e42cbfe837cb286c4881a85560056d4ce53b14522883ca774f8b1245786ea11838

C:\Users\Admin\AppData\Local\Temp\$$a6F15.bat

MD5 296a89ea804e8b2497f9ba16e629b21e
SHA1 1e76932e96f32bfb1560c1add4d135b339a5b22e
SHA256 36816294ef5ad8f97085b05e638ab526582ed2e505676c66243bae09f1edf0cc
SHA512 861fece1691fe7f7ea75f132c589713e9b6cb9160aeab10cc3f9967dc3d012882c6df55cda24f6d02c54d263f0614a8396f36fb175dec8a8dc9fd64029f83a8b

memory/4204-58-0x0000000000400000-0x0000000000445000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-2238466657-712128251-1221219315-1000\_desktop.ini

MD5 6ef23bccadc81fb82d7eeecab7166eed
SHA1 379fb55375f791483209d02402c6c359fe6afc12
SHA256 da5498ac44fd5b5f97353e6f28c673c28985ae25330f183b90a1a20b4bf4e85a
SHA512 6e10f0bfc5983272d128dfe59f9868a59098e8ae388e55a0ab9f25d85b1c979728b295f39bef985bb7ef8ff1bc9b14c5f315ead269b8cefb4aaa2e82ca0cf5b1

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 8e6bb4d85bad395af83d0c61b925f971
SHA1 6475cd7e7b34fa04ecc500b421981fe1ff617438
SHA256 76a44ab1acb74988c4f364e4a9532468ad3e8bbf23c7657e0821a6692fb27505
SHA512 b82a96ac68b575f3b996c60ce54de56951edd927af8ed0229921886edef066d522b1b3d4a203bba653e80388dee4d6afdbf98ce21fad5004572c73bbd31ff6d5

memory/4852-71-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a705D.bat

MD5 0a435014b53f99043ec3ec76bad79693
SHA1 0a7795887cec728d0ea351a2cd298a6149eb8439
SHA256 fd6e8b98f5fa11c2a2fd55020bf19cb46b9c024be48cceaed5d8bb338e29a399
SHA512 72baa819006871aafd326d4615238bbf383fedf5243f30605bcb5fa0df610c4ca7730f594618aa40dd79b1aaac8926192c886efcbd36875c1985427402f3b3c3

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 79ba5757247519e0b52e7dcf48984c95
SHA1 bed7028788c0396b2c55d82763c14cc188f56681
SHA256 d959918b5d84f091d39312b7d4ea3a1bb54b5dc1afa874fe75ed90bf8f3d7289
SHA512 595fb159ac57b63486cd8699f1942419f01208eb693f815ad88e29a589674bace036bfa12930436cad7865f2fa529e4b3299ddc77c1d8c4a8350aa258d1644cf

C:\Users\Admin\AppData\Local\Temp\$$a71B5.bat

MD5 a44d7218b366c4ea0ec51c5a7630fffb
SHA1 969c3c107b1d2035b8152782cdb856dea6ae0dd2
SHA256 588b417d2a0ecb75f6c04add7f696698c8f0570aef77484c44511a36e3611744
SHA512 d6ccc2db1b29d55473fa91046adf66814bf72825afcb3d1b46fd61ee93a8ce7e0c98fe0c0d1cd8b4c4513fc6890e0cf4e6e9cadcd820e6644ab7662118157137

memory/4080-78-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 5e7a70498f1b3bd901a740584325e35b
SHA1 ace00cf12e896d6e9028c828652c03885a4f4891
SHA256 4c03d544593461b8ad204ada444c20adf5c5f992c9b23ae914d9013daf6d3d97
SHA512 4fd38764f82ae6565d756cfddfc5e205aeb96f2fca5b05bf135b5720911a393a207a6f390fa79a0ee6dbb585aa5cb0548776d853581d48cd4ec44f7549f184e6

C:\Users\Admin\AppData\Local\Temp\$$a72EE.bat

MD5 a5e81a53630c0b50125db2595d9a201a
SHA1 20c2546100370474eeea2a8733169991f70c10fb
SHA256 3944558d2dcf79c5a4ade3ebb1d506f3afc8ff8451bc2f5d5e86c1e72641328f
SHA512 6dcf1e2ac8d476bf269d93f6eb8c74afd691f7de23b174028a6d6cc20340836bbc3c05dffaf1b49a5b947f909ef3485e310a9cf31780c9e00ba898e9a0ba611d

memory/2008-85-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 0458bec09b32103121c7c90d6edf8f8f
SHA1 301b79f3b028343f4bb28b1099dfe1d291be8594
SHA256 59a0cd42318df066d1380aa2ca31e25cc287d64c950cf44e01bdbb871e21287c
SHA512 a93f2aac660fffb39a2f7769c2c882d1733b901a4bd20e5dc2b077cf8c60af5ae805ee547c0415e0830205690ddb9771cfbad409d5b269b646574af031c42231

C:\Users\Admin\AppData\Local\Temp\$$a7407.bat

MD5 ae35625e14a53bac93a6b2de1e1fc132
SHA1 e580d1f9995900372fbe6089a345c49f2cf8a7ea
SHA256 ee106a36f9c4fd048318085f8a5f88c90eab9723301f3637cf25608bc6b602fd
SHA512 4cdfae15f1027f988d0c348cf9031528b8c0de6397b90ceb9663aadc3e2ab91b71f6f0f370a678440c03da6bfb45d1c533410323ec1fd67b4252031efa75156e

memory/1620-97-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3596-93-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 f35e9166b61bab6d2d3c4d7fd57707f1
SHA1 c12d339f1fa6212be6ac551367e2831449d15675
SHA256 81f1a79833b76392b2e2002dbf1a930c0efed43f251d3a0d0af1edd85204fa75
SHA512 841f6634b453bb47ca01ac8fe8a91a20e3a02e8229dbedaebc5e3edef9c14e5aad29219a8a4a17be0916e7b7cf79ff01026cbdefc7e893503b654f3f37aeea84

memory/5864-104-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a753F.bat

MD5 159e99010494c8ecfb62b957b4bc291f
SHA1 411665f40fd6ebc3193981971f905d13c3b0dccc
SHA256 c7fbb20bef4a5fbe95ac9accf4ef28b68332844bbe1cf76b99f7ac71216af385
SHA512 87f4b4c5f6c165c7588e421cdb4c32fe21aff9a38bcafea9a0b3e9024af73c3af9cbb51fb85e5466af308c8b7a51d92117252d5a631c86830aaa436684749ebe

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 af544ba04af764209fc63fde6b71e503
SHA1 36a3c328bbb8aab0dc0402be1908087b527fbcee
SHA256 3f32769e8b5ec379933950125b26a5aef1897129360c9e6d1e3f8b6459a2873b
SHA512 243756278c4a763de27af8c64d7d1e13cd53595230d5aa75e82fc80512829e53aaef731e8f2c29a4e99f05f721ab6efb14f4db9bf6c74c0f1e10b28bdd920f2a

memory/5132-111-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a7668.bat

MD5 f602895f0bc57e1ba2a7f5c992741a80
SHA1 cd70f7a7e3211be5dadaec68027bd9c595ac77dc
SHA256 a90f3c382233e80832cc6f1c84415cb892308f7119e4d74312c040485cb4eb8d
SHA512 10b587674aa479cac012ad678ee15655cc100a8213ae6f8af2d4d41b6dc78b8d79cd8c5b2163102f1d4e110ce951567d7a5fdf93b3a4684cd09bcae0798f123a

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 a73290887d27b9b60bb6f81df57562e5
SHA1 a92febb402310ca394f0b039e3fb60d6f68483cf
SHA256 89032efe3db5daa15fee68f5922fc751bea66db71a4be5b18aa16f20e163e0bc
SHA512 41e8827088dbe8ad904cafed2b8c1ab82873152835f9569f3b2277a961311c06377d68d6c827984533e11a273f10f51bafdc19d47ad08645fa8d9053daf2e0de

C:\Users\Admin\AppData\Local\Temp\$$a77B0.bat

MD5 f9ad6a91cb04c03391b00da15125af90
SHA1 f0671255d9d0f83a900954878fa5c01ea9e238ad
SHA256 7d0d76ef8a338f01bc2b6fde30fa20abf776bc232ed3b2a835f207a6a7de9a1e
SHA512 fc066ef271de52265ed6689c55b3c7f9fa017156f0b7e0b6e72ac2c60e20bc2b9e67ba0e330d1faa1ba6850a057a3b77a04e70eab006f24adf89d801a262817c

memory/716-118-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 8919744c338c6020603f8303d9bcde70
SHA1 a69cc73418ce0317fe40818148d687fefe263b11
SHA256 4fd040a1867a59850471ef79a1e5e138305ba5685beb50c9d7eb2687a07d6364
SHA512 242c5b80760f30d1b4a6105ce9848e8241d23a0b82ab6b57700c6cb3217df7b490143e0621e6466a7748d28fe9f0f2cc39bb47dfa017b647e950e245d222ed49

memory/1160-128-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a7995.bat

MD5 4f0e88da7374a73a735786add6be83da
SHA1 721e1beb9984f6a4004472464392e69525f06f19
SHA256 1f21e9e19db3e6444a4dd15cd7b4ffb9908829e5390f702c86ded0868517f3aa
SHA512 5886d3cf165f030c189538a614cd29eacb46c5b5d3bc489e3dd782748da32a89090da2e5accf65b5b8bf3f9d679c130d6bea63c2275639e39e1b995dd79a5c03

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 a020fdeb1d6175a1cf4f495394b0b94c
SHA1 f11c00afbe483d3ca4b7908cd6834ef10e842370
SHA256 87d8c2ae0be2556c279900b62051d2c1402bd8abf0a2672ac442e8e182401be8
SHA512 9cbf0c13c647945e3efb16d79e2d3e0796915a5d676d0714f9306860820d15ff08fd96d7ce2debf9c0a57490b4c93c229109957cb591f45d522197025c440b31

memory/3128-135-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a79E3.bat

MD5 cf4524af1951378c6331124b0afb0400
SHA1 ee06fef0af7a7f6e4040dc30ea5ce1554a0c7365
SHA256 844207c7ee285b243d67a7cf9d84b3369875b3e343cd72db6fcbec638de2ea66
SHA512 a2182050292d5bdf0b55fb430eb06c73b3135032650bc150789027638987c2cb41bcecd79f11dc8cc584ab307190ba4dbcaf5b7bc3f8d9e4f40776c2546a940b

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 c27948888438046626509961611af3fd
SHA1 f67014fe7b410ea7042f1576075b92632458cd13
SHA256 e84597d6eea39db1ee7cf1043b7636f1922e95f726b4f616879ee1c239535cde
SHA512 efe5fee6df8d9ac8b681a7cc74f4c205604cc96ecf16127254c950f1a6d0135a8dc3ea4d5dafbb9d051a85e852fa3d6d7de203ff65242e54d0f6863d7e802fb7

memory/4488-142-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a7B1B.bat

MD5 9211dd592f7c81a1efa726ba73ca13f6
SHA1 fdf56914223f346b40499ef67ece3e179ffe7e57
SHA256 df479960ef3d84cd9be1cc223150598fa3488dd3d814f94ce2c92d684835ede6
SHA512 c09d57cc944c0fd9d7f197e7f3897771baef05d348e0b2fc389d50675d74299d993a7800571c37d625987b412e2b4eb45458004b2f9d0fbeb2148f4553495565

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 46680b6766e5e53499f4bda441cc5ffe
SHA1 5422c571d3cba03c5cba6be09b9187cbeea09c7d
SHA256 89658870a62883512511d5f596ba13317389de133909cabfa9b47ce4fc172433
SHA512 502a25fd4c76b9496592ad7f32bc8f787fd77e980263d04af6ff8c0a57e874381e12a9ae8dfef97f5481cdabd396298c13cd72c3026e8a799eb0d0761d36f146

C:\Users\Admin\AppData\Local\Temp\$$a7C44.bat

MD5 3b435c4631fdc9914108f65933b74cb3
SHA1 50689f1fa9b950aaef973bb05be6ca066195a8f0
SHA256 cd189ee78d2c0ff95098c27530a5b4b70bf58f03134f331e0ef4b82a63a19bbb
SHA512 48fcf217aed3f99ca2874ee98e7f6e86a1494eca146064ecc72dd52ee8fa6e7b59e04ad3806e104d5376f9852bd296e41dd9086c93fbd2d8fc6cb138d524cfa1

memory/6048-151-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 85a2f15180ba32291fa04a10cc9c26dc
SHA1 89dec3e9f0f2c806880fe5d855d337366e28ff72
SHA256 d3316e7693846ddc25d7fe433a69a877f806fa218d6fbe47054b384446edcd79
SHA512 ab24e48af3526fb9c18a1bfc214e17692e9dde44507812dff582b04ef0aa0924ea4d33c68d8926f8e0707a2b153baf8b07878eaa5c183813a9901367b4e15790

C:\Users\Admin\AppData\Local\Temp\$$a7D5E.bat

MD5 52a5047eecaf28546744675f93df3164
SHA1 048865dfb556d01c9170952bb3eeefbbcc95b027
SHA256 335c306b929c10a64ab1152ab95ab9d32ee64959f71e8071d3f1c114b68dfffa
SHA512 91e72e88f28c726a719a96765c9091371866eb4fa16f94172d7af3f2e461ce90edeea583e72c94a4e574895ce05cfc02835b377b1efe0e2b5a3f04ae9fc033d2

memory/3380-158-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 f2f8f18413fb83a9f083e6e428f8cbf9
SHA1 ca2cee4c0df1cc74fc362cc1713871c00106c61f
SHA256 0797b5cea8d82c6a33af5343b1c4305228ce47b84e67d9e988cc57e3fcb6fc50
SHA512 e298bd4462f920affcfbd7644393e8501f21b4e0d3372c35dd1e1fec552c5db91deb05022153360ffacd5de64adc8ffd7eb14ce51af766d7bf540fa558f56741

memory/5964-165-0x0000000000400000-0x0000000000445000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\$$a7E86.bat

MD5 03258cd4aea4bb622758badb0e7126b8
SHA1 cbd16ba0feb1bfe2adf54607ec8eb86b725d7fd0
SHA256 e3f033d4a5ee7cba15e8443d07ffc6cc840c7defd43f58f92bb4c43ede020a44
SHA512 b3bd0145675f969a869cd8d7181d6b6b08bfb2cd156eb9dc0ac21baa781d6c7839cb17c733c44430f18813d7463fab678e4e06e9ee7ac8b5899576a5725f6909

C:\Users\Admin\AppData\Local\Temp\61322bc4339ae13d9d054fc6f7e1c57194570269ef740b7da9fa361c77843627.exe.exe

MD5 009c420eefc143ef412cb858df56f00f
SHA1 8984a10eaf92454ebb1286d501319c872ccd3b7a
SHA256 a1230d2d651c34730f6dfb862326c24f9190e60c8238652273c056d1f3f39146
SHA512 5a769ef6ab4436f1c9efd49a9ed85d9952fab3e5ea99503d8873e0c0660720705a2f21b32f111f4d11198df941eb9089fbb93d696699c710ff33901e9b8a0502

C:\Users\Admin\AppData\Local\Temp\$$a7FBF.bat

MD5 60938bd3c0117865e54821d0d49ed08e
SHA1 b640410b9d1104c0cb562170d983f5c383a3e59f
SHA256 f497ea63d3efe203322a28d06e867ac6903697d9f71f8809b8d961eb94390710
SHA512 cb779f1c5130a47b5a4d382c22d40d25e9d87ba11cdb6a8e723a2c2e23bb32ceb35f5e202f65e82674eaa24e588cce6307faa3bec005ecd6d636580baf383c37

memory/2276-172-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4876-179-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3612-183-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4932-187-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3980-191-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3844-195-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3476-199-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4692-203-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2444-207-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4300-211-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3036-215-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1512-219-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5928-353-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3388-518-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5128-646-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2056-905-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1384-1254-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3348-1647-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6076-1965-0x0000000000400000-0x0000000000445000-memory.dmp

memory/360-1969-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3260-1973-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2276-1977-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3592-1981-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6088-1985-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5624-1989-0x0000000000400000-0x0000000000445000-memory.dmp

memory/700-1993-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4976-1997-0x0000000000400000-0x0000000000445000-memory.dmp

memory/628-2001-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3596-2002-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5828-2050-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3572-2500-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1684-2844-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3508-3034-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2152-3303-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2076-3492-0x0000000000400000-0x0000000000445000-memory.dmp

memory/240-3740-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5912-3974-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1000-4148-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4672-4390-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6060-4670-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4944-4924-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4628-5074-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2992-5243-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4212-5495-0x0000000000400000-0x0000000000445000-memory.dmp

memory/772-5723-0x0000000000400000-0x0000000000445000-memory.dmp

memory/580-5761-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2060-5766-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1872-5771-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1396-5776-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1532-5781-0x0000000000400000-0x0000000000445000-memory.dmp

memory/440-5786-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4216-5791-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1220-5796-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4860-5801-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5948-5806-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3512-6018-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3124-6227-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2064-6310-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3796-6315-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3996-6320-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4284-6325-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1532-6330-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5880-6335-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3704-6340-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2860-6345-0x0000000000400000-0x0000000000445000-memory.dmp

memory/808-6350-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1448-6355-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1224-6360-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4952-6369-0x0000000000400000-0x0000000000445000-memory.dmp

memory/692-6374-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1120-6379-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2904-6384-0x0000000000400000-0x0000000000445000-memory.dmp

memory/696-6389-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5756-6394-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2700-6399-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3848-6404-0x0000000000400000-0x0000000000445000-memory.dmp

memory/572-6409-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6068-6414-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5000-6419-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1288-6424-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4992-6476-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5032-6738-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4664-7185-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6092-7386-0x0000000000400000-0x0000000000445000-memory.dmp

memory/832-7597-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3864-7952-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5732-8211-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1724-8398-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2704-8603-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2788-8812-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2784-9111-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5988-9480-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4440-9783-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3932-10059-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5344-10224-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2348-10676-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2876-10681-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5432-10686-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6032-10691-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5900-10696-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2628-10701-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3156-10706-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4168-10711-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1276-10716-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3784-10721-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3584-10726-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2568-10731-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6112-10736-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2180-10741-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5840-10746-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3968-10751-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2912-10756-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4520-10761-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4636-10766-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4932-10771-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4688-10776-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3404-10781-0x0000000000400000-0x0000000000445000-memory.dmp

memory/6124-10786-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3392-10791-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5412-10796-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3632-10801-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2416-10806-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5744-10811-0x0000000000400000-0x0000000000445000-memory.dmp

memory/1076-10816-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2540-10821-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3268-10826-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5928-10831-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4452-10836-0x0000000000400000-0x0000000000445000-memory.dmp

memory/2160-10841-0x0000000000400000-0x0000000000445000-memory.dmp

memory/676-10846-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5672-10851-0x0000000000400000-0x0000000000445000-memory.dmp

memory/4812-10856-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5660-10861-0x0000000000400000-0x0000000000445000-memory.dmp

memory/492-10866-0x0000000000400000-0x0000000000445000-memory.dmp

memory/5044-10871-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3740-10872-0x0000000000400000-0x0000000000445000-memory.dmp

memory/3740-10877-0x0000000000400000-0x0000000000445000-memory.dmp