3455398812d71fe7e6983eb7b3bbfcfb7eeb597a15f9054c2b0dd1194701dfea

Analysis

max time kernel
300s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
15/05/2023, 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jueguitoGracioso/bromita.bat
Size

224B
MD5

5967a6813d277eee3fecc90db2e7d5ae
SHA1

3e78a574777f18477740fd1bad1f66b241d8e672
SHA256

b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1
SHA512

dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Score

3^/10

Malware Config

Signatures

Program crash 6 IoCs

pid	pid_target	Process	procid_target
12708	12360	WerFault.exe
13036	6324	WerFault.exe	217
13280	12976	WerFault.exe	661
11692	13248	WerFault.exe	674
12932	7748	WerFault.exe	279
14116	1004	WerFault.exe	11

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
13900	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	13900	taskmgr.exe
Token: SeSystemProfilePrivilege	13900	taskmgr.exe
Token: SeCreateGlobalPrivilege	13900	taskmgr.exe
Token: SeCreateGlobalPrivilege	14224	dwm.exe
Token: SeChangeNotifyPrivilege	14224	dwm.exe
Token: 33	14224	dwm.exe
Token: SeIncBasePriorityPrivilege	14224	dwm.exe
Token: SeShutdownPrivilege	14224	dwm.exe
Token: SeCreatePagefilePrivilege	14224	dwm.exe
Token: SeShutdownPrivilege	14224	dwm.exe
Token: SeCreatePagefilePrivilege	14224	dwm.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe
13900	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 4820	4292	cmd.exe	86
PID 4292 wrote to memory of 4820	4292	cmd.exe	86
PID 4292 wrote to memory of 4800	4292	cmd.exe	88
PID 4292 wrote to memory of 4800	4292	cmd.exe	88
PID 4292 wrote to memory of 832	4292	cmd.exe	90
PID 4292 wrote to memory of 832	4292	cmd.exe	90
PID 4292 wrote to memory of 1156	4292	cmd.exe	92
PID 4292 wrote to memory of 1156	4292	cmd.exe	92
PID 4292 wrote to memory of 1324	4292	cmd.exe	94
PID 4292 wrote to memory of 1324	4292	cmd.exe	94
PID 4820 wrote to memory of 3000	4820	cmd.exe	96
PID 4820 wrote to memory of 3000	4820	cmd.exe	96
PID 4820 wrote to memory of 4208	4820	cmd.exe	97
PID 4820 wrote to memory of 4208	4820	cmd.exe	97
PID 4820 wrote to memory of 2256	4820	cmd.exe	109
PID 4820 wrote to memory of 2256	4820	cmd.exe	109
PID 4820 wrote to memory of 2108	4820	cmd.exe	108
PID 4820 wrote to memory of 2108	4820	cmd.exe	108
PID 4820 wrote to memory of 2072	4820	cmd.exe	106
PID 4820 wrote to memory of 2072	4820	cmd.exe	106
PID 4820 wrote to memory of 5012	4820	cmd.exe	102
PID 4820 wrote to memory of 5012	4820	cmd.exe	102
PID 4292 wrote to memory of 224	4292	cmd.exe	101
PID 4292 wrote to memory of 224	4292	cmd.exe	101
PID 4820 wrote to memory of 836	4820	cmd.exe	110
PID 4820 wrote to memory of 836	4820	cmd.exe	110
PID 4820 wrote to memory of 1436	4820	cmd.exe	111
PID 4820 wrote to memory of 1436	4820	cmd.exe	111
PID 1324 wrote to memory of 3712	1324	cmd.exe	114
PID 1324 wrote to memory of 3712	1324	cmd.exe	114
PID 224 wrote to memory of 1804	224	cmd.exe	115
PID 224 wrote to memory of 1804	224	cmd.exe	115
PID 224 wrote to memory of 3800	224	cmd.exe	123
PID 224 wrote to memory of 3800	224	cmd.exe	123
PID 224 wrote to memory of 3096	224	cmd.exe	117
PID 224 wrote to memory of 3096	224	cmd.exe	117
PID 224 wrote to memory of 3624	224	cmd.exe	118
PID 224 wrote to memory of 3624	224	cmd.exe	118
PID 1324 wrote to memory of 1320	1324	cmd.exe	124
PID 1324 wrote to memory of 1320	1324	cmd.exe	124
PID 4208 wrote to memory of 4060	4208	cmd.exe	126
PID 4208 wrote to memory of 4060	4208	cmd.exe	126
PID 4208 wrote to memory of 1160	4208	cmd.exe	129
PID 4208 wrote to memory of 1160	4208	cmd.exe	129
PID 836 wrote to memory of 2940	836	cmd.exe	128
PID 836 wrote to memory of 2940	836	cmd.exe	128
PID 836 wrote to memory of 2724	836	cmd.exe	133
PID 836 wrote to memory of 2724	836	cmd.exe	133
PID 1436 wrote to memory of 3724	1436	cmd.exe	134
PID 1436 wrote to memory of 3724	1436	cmd.exe	134
PID 224 wrote to memory of 3508	224	cmd.exe	136
PID 224 wrote to memory of 3508	224	cmd.exe	136
PID 3712 wrote to memory of 3792	3712	cmd.exe	145
PID 3712 wrote to memory of 3792	3712	cmd.exe	145
PID 224 wrote to memory of 3412	224	cmd.exe	141
PID 224 wrote to memory of 3412	224	cmd.exe	141
PID 224 wrote to memory of 3432	224	cmd.exe	137
PID 224 wrote to memory of 3432	224	cmd.exe	137
PID 1436 wrote to memory of 3516	1436	cmd.exe	142
PID 1436 wrote to memory of 3516	1436	cmd.exe	142
PID 836 wrote to memory of 1120	836	cmd.exe	169
PID 836 wrote to memory of 1120	836	cmd.exe	169
PID 3712 wrote to memory of 2992	3712	cmd.exe	146
PID 3712 wrote to memory of 2992	3712	cmd.exe	146

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
    3⤵
    PID:3000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone4.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4208
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone4.bat
      4⤵
      PID:4060
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone60.bat
        5⤵
        
        PID:13252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone12.bat
      4⤵
      PID:1160
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone4.bat
      4⤵
      PID:11752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone6.bat
    3⤵
    PID:5012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
    3⤵
    PID:2072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:8736
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:9116
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        6⤵
        
        PID:9540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        7⤵
        
        PID:12328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone71.bat
        6⤵
        
        PID:9672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        7⤵
        
        PID:12780
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        6⤵
        
        PID:12280
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone68.bat
        5⤵
        
        PID:9144
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:8216
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone69.bat
        5⤵
        
        PID:9388
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone69.bat
        6⤵
        
        PID:12472
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:11704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone63.bat
      4⤵
      PID:8900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:9128
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone94.bat
        5⤵
        
        PID:13080
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone137.bat
        5⤵
        
        PID:13168
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:12856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone66.bat
      4⤵
      PID:8780
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:9252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone70.bat
      4⤵
      PID:9380
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone10.bat
        5⤵
        
        PID:12968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone5.bat
    3⤵
    PID:2108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
    3⤵
    PID:2256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:2940
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone61.bat
        5⤵
        
        PID:12280
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone13.bat
      4⤵
      PID:2724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone14.bat
      4⤵
      PID:3468
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone33.bat
        5⤵
        
        PID:6360
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone14.bat
        5⤵
        
        PID:6304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone14.bat
        6⤵
        
        PID:6276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone43.bat
        6⤵
        
        PID:4888
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:1120
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone108.bat
      4⤵
      PID:11364
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone107.bat
      4⤵
      PID:2016
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone7.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone7.bat
      4⤵
      PID:3724
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone14.bat
      4⤵
      PID:3516
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone14.bat
        5⤵
        
        PID:5296
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone14.bat
        6⤵
        
        PID:6092
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone25.bat
        6⤵
        
        PID:5584
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone25.bat
        7⤵
        
        PID:12788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone14.bat
        6⤵
        
        PID:5732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        6⤵
        
        PID:5888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone52.bat
        7⤵
        
        PID:7400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone55.bat
        7⤵
        
        PID:7600
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone55.bat
        8⤵
        
        PID:12248
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone54.bat
        7⤵
        
        PID:7576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone54.bat
        8⤵
        
        PID:12008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        8⤵
        
        PID:12436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone53.bat
        7⤵
        
        PID:7552
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        8⤵
        
        PID:11964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone51.bat
        7⤵
        
        PID:7376
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone50.bat
        7⤵
        
        PID:7352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        8⤵
        
        PID:8304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone59.bat
        8⤵
        
        PID:8460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone82.bat
        9⤵
        
        PID:12416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        8⤵
        
        PID:8484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone61.bat
        8⤵
        
        PID:8644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone81.bat
        8⤵
        
        PID:13028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone49.bat
        7⤵
        
        PID:7328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7320
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone48.bat
        7⤵
        
        PID:7304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone47.bat
        7⤵
        
        PID:7280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone47.bat
        8⤵
        
        PID:11168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone112.bat
        8⤵
        
        PID:13100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone47.bat
        8⤵
        
        PID:13160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone46.bat
        7⤵
        
        PID:7224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        8⤵
        
        PID:3868
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone117.bat
        8⤵
        
        PID:12392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:7260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone56.bat
        7⤵
        
        PID:7360
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone93.bat
        8⤵
        
        PID:12820
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone85.bat
        7⤵
        
        PID:9856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:9844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone84.bat
        7⤵
        
        PID:9716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:9744
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone83.bat
        7⤵
        
        PID:9692
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:9568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone29.bat
        7⤵
        
        PID:10576
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone86.bat
        7⤵
        
        PID:10916
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone21.bat
        5⤵
        
        PID:5488
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone77.bat
      4⤵
      PID:9836
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone75.bat
        5⤵
        
        PID:12548
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone77.bat
        5⤵
        
        PID:11956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone7.bat
      4⤵
      PID:9828
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone7.bat
      4⤵
      PID:10020
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone78.bat
      4⤵
      PID:10072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K clone1.bat
  2⤵
  PID:4800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
  2⤵
  PID:832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K clone2.bat
  2⤵
  PID:1156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3712
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
      4⤵
      PID:3792
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone97.bat
        5⤵
        
        PID:11376
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11368
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone96.bat
        5⤵
        
        PID:11352
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11344
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11620
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone121.bat
        6⤵
        
        PID:3860
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        6⤵
        
        PID:11880
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone120.bat
        6⤵
        
        PID:5776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        6⤵
        
        PID:12012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone119.bat
        6⤵
        
        PID:11828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone119.bat
        7⤵
        
        PID:12540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        6⤵
        
        PID:11972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone122.bat
        6⤵
        
        PID:13156
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone98.bat
        5⤵
        
        PID:11676
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone105.bat
        5⤵
        
        PID:11868
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11860
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone104.bat
        5⤵
        
        PID:11844
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone103.bat
        5⤵
        
        PID:11816
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11808
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone102.bat
        5⤵
        
        PID:11792
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11784
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone101.bat
        5⤵
        
        PID:11764
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11756
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone100.bat
        5⤵
        
        PID:11740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone100.bat
        6⤵
        
        PID:12492
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11732
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone99.bat
        5⤵
        
        PID:11712
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\bromita.bat
        5⤵
        
        PID:11704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone15.bat
      4⤵
      PID:2992
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone59.bat
      4⤵
      PID:12336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone8.bat
    3⤵
    PID:1320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K clone3.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:1804
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:464
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:6768
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone36.bat
        5⤵
        
        PID:6992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone36.bat
        6⤵
        
        PID:12796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone17.bat
      4⤵
      PID:5180
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        5⤵
        
        PID:5684
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone23.bat
        5⤵
        
        PID:5704
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone23.bat
        6⤵
        
        PID:6284
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        5⤵
        
        PID:5736
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        6⤵
        
        PID:2288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        7⤵
        
        PID:6592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone37.bat
        7⤵
        
        PID:6620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        7⤵
        
        PID:12960
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone30.bat
        6⤵
        
        PID:5876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone30.bat
        7⤵
        
        PID:6324
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone30.bat
        8⤵
        
        PID:7096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone57.bat
        9⤵
        
        PID:12496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone42.bat
        8⤵
        
        PID:7148
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone42.bat
        9⤵
        
        PID:2852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone57.bat
        9⤵
        
        PID:7488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone42.bat
        9⤵
        
        PID:11928
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 6324 -s 612
        8⤵
        Program crash
        
        PID:13036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone34.bat
        7⤵
        
        PID:6348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone34.bat
        8⤵
        
        PID:12188
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:12220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone81.bat
        6⤵
        
        PID:10136
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        6⤵
        
        PID:10128
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        7⤵
        
        PID:13116
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone80.bat
        6⤵
        
        PID:10112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        6⤵
        
        PID:10104
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone79.bat
        6⤵
        
        PID:10088
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        6⤵
        
        PID:10476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        6⤵
        
        PID:10080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone11.bat
        7⤵
        
        PID:12808
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone82.bat
        6⤵
        
        PID:10792
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone89.bat
        6⤵
        
        PID:11396
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        6⤵
        
        PID:12116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone35.bat
        7⤵
        
        PID:13092
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone24.bat
        5⤵
        
        PID:5840
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone17.bat
        5⤵
        
        PID:5880
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone27.bat
        5⤵
        
        PID:5956
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone73.bat
        6⤵
        
        PID:9308
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone27.bat
        6⤵
        
        PID:9300
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone72.bat
        6⤵
        
        PID:9284
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone9.bat
        7⤵
        
        PID:12760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone72.bat
        7⤵
        
        PID:11920
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone27.bat
        6⤵
        
        PID:9276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone27.bat
        6⤵
        
        PID:9640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone75.bat
        6⤵
        
        PID:9704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone9.bat
        7⤵
        
        PID:12732
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone75.bat
        7⤵
        
        PID:12292
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone27.bat
        6⤵
        
        PID:9696
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone74.bat
        6⤵
        
        PID:9680
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone27.bat
        6⤵
        
        PID:9992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone76.bat
        6⤵
        
        PID:10160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone77.bat
        7⤵
        
        PID:12000
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:5204
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:5236
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone19.bat
      4⤵
      PID:5220
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone20.bat
      4⤵
      PID:5456
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone20.bat
        5⤵
        
        PID:5900
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone20.bat
        6⤵
        
        PID:6256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone20.bat
        7⤵
        
        PID:6836
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone40.bat
        7⤵
        
        PID:6864
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone40.bat
        8⤵
        
        PID:12104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone20.bat
        7⤵
        
        PID:12028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone20.bat
        7⤵
        
        PID:11968
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        6⤵
        
        PID:6280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        7⤵
        
        PID:6796
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:2856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        9⤵
        
        PID:8240
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone58.bat
        9⤵
        
        PID:8280
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone39.bat
        10⤵
        
        PID:3184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone40.bat
        10⤵
        
        PID:12316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone58.bat
        10⤵
        
        PID:12636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone44.bat
        8⤵
        
        PID:7036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:6588
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        9⤵
        
        PID:8356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone60.bat
        9⤵
        
        PID:8492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone79.bat
        9⤵
        
        PID:12476
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        9⤵
        
        PID:11872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone45.bat
        8⤵
        
        PID:7748
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone45.bat
        9⤵
        
        PID:13000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone153.bat
        9⤵
        
        PID:13088
        
        C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 7748 -s 584
        9⤵
        Program crash
        
        PID:12932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone93.bat
        8⤵
        
        PID:11100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone93.bat
        9⤵
        
        PID:12696
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone92.bat
        8⤵
        
        PID:11076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone91.bat
        8⤵
        
        PID:11052
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone5.bat
        9⤵
        
        PID:12932
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11044
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone94.bat
        8⤵
        
        PID:11088
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone94.bat
        9⤵
        
        PID:11872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11336
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone95.bat
        8⤵
        
        PID:11544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone39.bat
        7⤵
        
        PID:7008
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone48.bat
        8⤵
        
        PID:12940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        7⤵
        
        PID:7048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:12108
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        9⤵
        
        PID:12292
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:12964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone41.bat
        7⤵
        
        PID:1668
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone28.bat
        5⤵
        
        PID:5948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:5480
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone26.bat
        5⤵
        
        PID:5916
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone26.bat
        6⤵
        
        PID:6152
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone26.bat
        7⤵
        
        PID:6512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone30.bat
        8⤵
        
        PID:11168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone32.bat
        8⤵
        
        PID:11708
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone35.bat
        7⤵
        
        PID:6656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone68.bat
        7⤵
        
        PID:7520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone26.bat
        7⤵
        
        PID:12736
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:13080
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone31.bat
        6⤵
        
        PID:6168
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone26.bat
        6⤵
        
        PID:12040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone62.bat
        6⤵
        
        PID:12768
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:5856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone22.bat
      4⤵
      PID:5524
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone22.bat
        5⤵
        
        PID:6716
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone38.bat
        5⤵
        
        PID:6948
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone58.bat
      4⤵
      PID:12684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:11776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone10.bat
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone9.bat
    3⤵
    PID:3800
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone45.bat
      4⤵
      PID:13260
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone9.bat
      4⤵
      PID:3184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:3508
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone45.bat
      4⤵
      PID:12764
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:12248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:3432
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:11784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone11.bat
    3⤵
    PID:3412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:4848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone18.bat
    3⤵
    PID:4580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone16.bat
    3⤵
    PID:1388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:8688
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:12988
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone97.bat
      4⤵
      PID:13072
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:13036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone62.bat
    3⤵
    PID:8716
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:8768
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone3.bat
      4⤵
      PID:9208
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone89.bat
        5⤵
        
        PID:10656
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:10648
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone88.bat
        5⤵
        
        PID:10632
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:10624
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        6⤵
        
        PID:12280
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone6.bat
        6⤵
        
        PID:12580
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone87.bat
        5⤵
        
        PID:10608
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:10600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        6⤵
        
        PID:13260
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:11008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        6⤵
        
        PID:11784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone47.bat
        7⤵
        
        PID:12416
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:12580
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone90.bat
        5⤵
        
        PID:10596
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone95.bat
        5⤵
        
        PID:12676
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone3.bat
        5⤵
        
        PID:11716
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone69.bat
      4⤵
      PID:8928
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K clone69.bat
        5⤵
        
        PID:12896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone64.bat
    3⤵
    PID:8892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:8936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone65.bat
    3⤵
    PID:8976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone3.bat
    3⤵
    PID:9152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone67.bat
    3⤵
    PID:9192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K clone67.bat
      4⤵
      PID:11364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K clone89.bat
    3⤵
    PID:13120

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 12524 -ip 12524
1⤵
PID:12600

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 12444 -ip 12444
1⤵
PID:12620

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 12360 -s 392
1⤵
- Program crash
PID:12708

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 604 -p 12536 -ip 12536
1⤵
PID:12696

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 180 -p 7392 -ip 7392
1⤵
PID:11812

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:12472

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:12808

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 648 -p 12976 -ip 12976
1⤵
PID:3184

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 12976 -s 336
1⤵
- Program crash
PID:13280

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 13248 -s 336
1⤵
- Program crash
PID:11692

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 652 -p 7748 -ip 7748
1⤵
PID:11892

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:12496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:11776

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:12764

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:13900

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 692 -p 1004 -ip 1004
1⤵
PID:14100

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1004 -s 6112
1⤵
- Program crash
PID:14116

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone1.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone10.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone11.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone12.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone13.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone14.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone14.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone15.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone16.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone17.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone18.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone19.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone2.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone20.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone21.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone22.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone23.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone24.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone25.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone26.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone27.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone28.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone29.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone3.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone3.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone30.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone31.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone32.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone33.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone34.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone35.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone36.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone37.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone38.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone39.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone4.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone40.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone41.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone42.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone43.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone44.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone45.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone46.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone47.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone48.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone49.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone5.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone50.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone51.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone52.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone53.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone54.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone55.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone56.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone57.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone58.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone59.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone6.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone60.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone61.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone65.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone69.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone7.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone8.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit
C:\Users\Admin\AppData\Local\Temp\jueguitoGracioso\clone9.bat

Filesize
224B

MD5
5967a6813d277eee3fecc90db2e7d5ae

SHA1
3e78a574777f18477740fd1bad1f66b241d8e672

SHA256
b431839610d055c779d2bce42e53402273d1c881e84345f00b1496b608dd12a1

SHA512
dd6e9a7431734b621bc4470f7692ff866ffb30d5d8d612058a39e878cbaedbe8d45132a900d061113e82c3cbcf2bcfb1ba473e6c26ae930cfde8754738f0cc11

Download Submit