Analysis Overview
SHA256
34cfd7532b503d8b710bce75ba0e925223ff3ace89312f6311ed8953bc3726a5
Threat Level: Known bad
The file source_prepared.exe was found to be: Known bad.
Malicious Activity Summary
Pysilon family
Detect Pysilon
Enumerates VirtualBox DLL files
Sets file to hidden
Executes dropped EXE
UPX packed file
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Suspicious behavior: GetForegroundWindowSpam
Kills process with taskkill
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Views/modifies file attributes
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-22 20:29
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-22 20:29
Reported
2023-11-22 21:19
Platform
win7-20231020-en
Max time kernel
1561s
Max time network
1567s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2132 wrote to memory of 2752 | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe |
| PID 2132 wrote to memory of 2752 | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe |
| PID 2132 wrote to memory of 2752 | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll
| MD5 | 178a0f45fde7db40c238f1340a0c0ec0 |
| SHA1 | dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe |
| SHA256 | 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed |
| SHA512 | 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee |
\Users\Admin\AppData\Local\Temp\_MEI21322\python310.dll
| MD5 | 178a0f45fde7db40c238f1340a0c0ec0 |
| SHA1 | dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe |
| SHA256 | 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed |
| SHA512 | 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee |
memory/2752-1261-0x000007FEF6190000-0x000007FEF65FE000-memory.dmp
memory/2752-1262-0x000007FEF6190000-0x000007FEF65FE000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-22 20:29
Reported
2023-11-22 21:22
Platform
win10v2004-20231023-en
Max time kernel
482s
Max time network
521s
Command Line
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\folderppa\Setup.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\folderppa\Setup.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\folderppa\Setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\folderppa\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\folderppa\Setup.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startup = "C:\\Users\\Admin\\folderppa\\Setup.exe" | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings | C:\Users\Admin\folderppa\Setup.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\folderppa\Setup.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\source_prepared.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\folderppa\Setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\folderppa\Setup.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x50c
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\folderppa\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\folderppa\activate.bat
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Users\Admin\folderppa\Setup.exe
"Setup.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "source_prepared.exe"
C:\Users\Admin\folderppa\Setup.exe
"Setup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\folderppa\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --screenshot=C:\Users\Admin\folderppa\image.png --window-size=500,300 --default-background-color=00000000 --hide-scrollbars C:\Users\Admin\AppData\Local\Temp\html2image\image.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff856669758,0x7ff856669768,0x7ff856669778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1380 --field-trial-handle=1408,i,13249316837440828769,14185135699046957177,131072 --disable-features=PaintHolding /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1656 --field-trial-handle=1408,i,13249316837440828769,14185135699046957177,131072 --disable-features=PaintHolding /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --allow-pre-commit-input --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1888 --field-trial-handle=1408,i,13249316837440828769,14185135699046957177,131072 --disable-features=PaintHolding /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\image.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\22.11.2023_20.52.wav"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del rec_\22.11.2023_20.54.wav"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\folderppa\ss.png"
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -encoders
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -f lavfi -i nullsrc=s=256x256:d=8 -vcodec libx264 -f null -
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI38322\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\folderppa\recording.mp4
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\wabbit.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff856669758,0x7ff856669768,0x7ff856669778
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" C:\Users\Admin\wabbit.bat"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 254.7.248.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.135.234:443 | gateway.discord.gg | tcp |
| N/A | 127.0.0.1:59692 | tcp | |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | update.videolan.org | udp |
| FR | 213.36.253.119:80 | update.videolan.org | tcp |
| FR | 213.36.253.119:80 | update.videolan.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 119.253.36.213.in-addr.arpa | udp |
| NL | 66.22.199.91:50006 | udp | |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.234:443 | tcp | |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 63.143.36.193:443 | tcp | |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 204.110.191.235:443 | tcp | |
| US | 162.159.130.234:443 | gateway.discord.gg | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI43562\python310.dll
| MD5 | 178a0f45fde7db40c238f1340a0c0ec0 |
| SHA1 | dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe |
| SHA256 | 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed |
| SHA512 | 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\python310.dll
| MD5 | 178a0f45fde7db40c238f1340a0c0ec0 |
| SHA1 | dcd2d3d14e06da3e8d7dc91a69b5fd785768b5fe |
| SHA256 | 9fcb5ad15bd33dd72122a171a5d950e8e47ceda09372f25df828010cde24b8ed |
| SHA512 | 4b790046787e57b9414a796838a026b1530f497a75c8e62d62b56f8c16a0cbedbefad3d4be957bc18379f64374d8d3bf62d3c64b53476c7c5005a7355acd2cee |
memory/3216-1263-0x00007FF846D40000-0x00007FF8471AE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\base_library.zip
| MD5 | ee93ce2f8261ba7510f041619bb2b6f2 |
| SHA1 | f1d5d2f4c0b10e862b4b0a5ea65c47645901f894 |
| SHA256 | 41ce839465cf935b821cafc3a98afe1c411bf4655ad596442eb66d140ccd502e |
| SHA512 | c410a0b9eb43b2d0b190f453ea3907cdc70bfcf190ecf80fb03ed906af381853153270fd824fe2e2ba703bceed79e973f330d5ec31dfabff0f5a9f0f162136e9 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ctypes.pyd
| MD5 | 813fc3981cae89a4f93bf7336d3dc5ef |
| SHA1 | daff28bcd155a84e55d2603be07ca57e3934a0de |
| SHA256 | 4ac7fb7b354069e71ebf7fcc193c0f99af559010a0ad82a03b49a92deb0f4d06 |
| SHA512 | ce93f21b315d96fde96517a7e13f66aa840d4ad1c6e69e68389e235e43581ad543095582ebcb9d2c6dda11c17851b88f5b1ed1d59d354578fe27e7299bbea1cc |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.DLL
| MD5 | c17b7a4b853827f538576f4c3521c653 |
| SHA1 | 6115047d02fbbad4ff32afb4ebd439f5d529485a |
| SHA256 | d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68 |
| SHA512 | 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ctypes.pyd
| MD5 | 813fc3981cae89a4f93bf7336d3dc5ef |
| SHA1 | daff28bcd155a84e55d2603be07ca57e3934a0de |
| SHA256 | 4ac7fb7b354069e71ebf7fcc193c0f99af559010a0ad82a03b49a92deb0f4d06 |
| SHA512 | ce93f21b315d96fde96517a7e13f66aa840d4ad1c6e69e68389e235e43581ad543095582ebcb9d2c6dda11c17851b88f5b1ed1d59d354578fe27e7299bbea1cc |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.dll
| MD5 | c17b7a4b853827f538576f4c3521c653 |
| SHA1 | 6115047d02fbbad4ff32afb4ebd439f5d529485a |
| SHA256 | d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68 |
| SHA512 | 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libffi-7.dll
| MD5 | 6f818913fafe8e4df7fedc46131f201f |
| SHA1 | bbb7ba3edbd4783f7f973d97b0b568cc69cadac5 |
| SHA256 | 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56 |
| SHA512 | 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\python3.dll
| MD5 | c17b7a4b853827f538576f4c3521c653 |
| SHA1 | 6115047d02fbbad4ff32afb4ebd439f5d529485a |
| SHA256 | d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68 |
| SHA512 | 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_bz2.pyd
| MD5 | 93fe6d3a67b46370565db12a9969d776 |
| SHA1 | ff520df8c24ed8aa6567dd0141ef65c4ea00903b |
| SHA256 | 92ec61ca9ac5742e0848a6bbb9b6b4cda8e039e12ab0f17fb9342d082dde471b |
| SHA512 | 5c91b56198a8295086c61b4f4e9f16900a7ec43ca4b84e793bc8a3fc8676048cab576e936515bf2971318c7847f1314674b3336fe83b1734f9f70d09615519ac |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_hashlib.pyd
| MD5 | 4ae75c47dbdebaa16a596f31b27abd9e |
| SHA1 | a11f963139c715921dedd24bc957ab6d14788c34 |
| SHA256 | 2308ee238cc849b1110018b211b149d607bf447f4e4c1e61449049eab0cf513d |
| SHA512 | e908fecb52268fac71933e2fdb96e539bdebe4675dfb50065aee26727bac53e07cca862193bcb3ab72d2ae62d660113a47e73e1e16db401480e4d3fd34d54fa8 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_uuid.pyd
| MD5 | aa65dc954ce85134a8f5d8604fa543aa |
| SHA1 | 75a31d76c85b3a78c906c0564fa7763e74c2fc49 |
| SHA256 | d7b691db91a6bdad2256c8ef392b12126090c8f4d1b43bfd3ec5a020b7f6a7ab |
| SHA512 | e40b03e6f0f405295b3cde5e7f5b3fdbb20de04e9715b4a31eebddf800918d86ac1b74431bb74ed94c4326d77699dd7b8bbe884d5718f0a95ca1d04f4690ea9b |
memory/3216-1318-0x00007FF856E10000-0x00007FF856E24000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libcrypto-1_1.dll
| MD5 | daa2eed9dceafaef826557ff8a754204 |
| SHA1 | 27d668af7015843104aa5c20ec6bbd30f673e901 |
| SHA256 | 4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914 |
| SHA512 | 7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-1_1.dll
| MD5 | eac369b3fde5c6e8955bd0b8e31d0830 |
| SHA1 | 4bf77158c18fe3a290e44abd2ac1834675de66b4 |
| SHA256 | 60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c |
| SHA512 | c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\charset_normalizer\md.cp310-win_amd64.pyd
| MD5 | 7568ff19fec3c28472dc2a86fc0df3a4 |
| SHA1 | ee85f762f30537b24e1ce3735ccff8fd833b3b2f |
| SHA256 | 32d3b38090be0e405089fbd173aa9b36c821fbd6b9b55a87c53491844d0de4f1 |
| SHA512 | 9b68ae10bf803c446f244336dc7086bbcfba16264a8a7957e972beedb9dddecd862649948bb4a3d2857fd885ba972cefcef7880a79f6d534c4689950cb1c3d69 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\charset_normalizer\md.cp310-win_amd64.pyd
| MD5 | 7568ff19fec3c28472dc2a86fc0df3a4 |
| SHA1 | ee85f762f30537b24e1ce3735ccff8fd833b3b2f |
| SHA256 | 32d3b38090be0e405089fbd173aa9b36c821fbd6b9b55a87c53491844d0de4f1 |
| SHA512 | 9b68ae10bf803c446f244336dc7086bbcfba16264a8a7957e972beedb9dddecd862649948bb4a3d2857fd885ba972cefcef7880a79f6d534c4689950cb1c3d69 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_queue.pyd
| MD5 | 0e7612fc1a1fad5a829d4e25cfa87c4f |
| SHA1 | 3db2d6274ce3dbe3dbb00d799963df8c3046a1d6 |
| SHA256 | 9f6965eb89bbf60df0c51ef0750bbd0655675110d6c42eca0274d109bd9f18a8 |
| SHA512 | 52c57996385b9a573e3105efa09fd6fd24561589b032ef2b2ee60a717f4b33713c35989f2265669f980646d673e3c387b30b9fc98033bb8ca7c59ece1c17e517 |
memory/3216-1327-0x00007FF856CE0000-0x00007FF856CF9000-memory.dmp
memory/3216-1328-0x00007FF8589C0000-0x00007FF8589CD000-memory.dmp
memory/3216-1329-0x00007FF856CB0000-0x00007FF856CDE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd
| MD5 | 081c878324505d643a70efcc5a80a371 |
| SHA1 | 8bef8336476d8b7c5c9ef71d7b7db4100de32348 |
| SHA256 | fcb70b58f94f5b0f9d027999cce25e99ddcc8124e4ddcc521cb5b96a52faaa66 |
| SHA512 | c36293b968a2f83705815ef3a207e444eeb7667ad9af61df75e85151f74f2fe0a299b3b1349de0d410bbbaea9f99cac5228189099a221de5fa1e20c97c648e32 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\select.pyd
| MD5 | 666358e0d7752530fc4e074ed7e10e62 |
| SHA1 | b9c6215821f5122c5176ce3cf6658c28c22d46ba |
| SHA256 | 6615c62fa010bfba5527f5da8af97313a1af986f8564277222a72a1731248841 |
| SHA512 | 1d3d35c095892562ddd2868fbd08473e48b3bb0cb64ef9ccc5550a06c88dda0d82383a1316b6c5584a49ca28ed1ef1e5ca94ec699a423a001ccd952bd6bd553d |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_socket.pyd
| MD5 | 7a31bc84c0385590e5a01c4cbe3865c3 |
| SHA1 | 77c4121abe6e134660575d9015308e4b76c69d7c |
| SHA256 | 5614017765322b81cc57d841b3a63cbdc88678ff605e5d4c8fdbbf8f0ac00f36 |
| SHA512 | b80cd51e395a3ce6f345b69243d8fc6c46e2e3828bd0a7e63673a508d889a9905d562cac29f1ed394ccfcda72f2f2e22f675963dd96261c19683b06dea0a0882 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_tkinter.pyd
| MD5 | 28522a9d0fbcfd414d9c41d853b15665 |
| SHA1 | 801a62e40b573bccf14ac362520cd8e23c48d4a4 |
| SHA256 | 3898b004d31aec23cf12c61f27215a14a838d6c11d2bc7738b15730518154bb5 |
| SHA512 | e7e715c61db3c420cdee4425d67e05973616e60e23308ef2a24e4a25deeeb8d4802de1cd5cf6a997cec2e9ebad29a4c197b885f8d43e9f7b2b015e9c026782e8 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_ssl.pyd
| MD5 | 081c878324505d643a70efcc5a80a371 |
| SHA1 | 8bef8336476d8b7c5c9ef71d7b7db4100de32348 |
| SHA256 | fcb70b58f94f5b0f9d027999cce25e99ddcc8124e4ddcc521cb5b96a52faaa66 |
| SHA512 | c36293b968a2f83705815ef3a207e444eeb7667ad9af61df75e85151f74f2fe0a299b3b1349de0d410bbbaea9f99cac5228189099a221de5fa1e20c97c648e32 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_sqlite3.pyd
| MD5 | bb4aa2d11444900c549e201eb1a4cdd6 |
| SHA1 | ca3bb6fc64d66deaddd804038ea98002d254c50e |
| SHA256 | f44d80ab16c27ca65da23ae5fda17eb842065f3e956f10126322b2ea3ecdf43f |
| SHA512 | cd3c5704e5d99980109fdc505d39ad5b26a951685e9d8e3fed9e0848cd44e24cc4611669dbdb58acc20f1f4a5c37d5e01d9d965cf6fe74f94da1b29aa2ff6931 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_socket.pyd
| MD5 | 7a31bc84c0385590e5a01c4cbe3865c3 |
| SHA1 | 77c4121abe6e134660575d9015308e4b76c69d7c |
| SHA256 | 5614017765322b81cc57d841b3a63cbdc88678ff605e5d4c8fdbbf8f0ac00f36 |
| SHA512 | b80cd51e395a3ce6f345b69243d8fc6c46e2e3828bd0a7e63673a508d889a9905d562cac29f1ed394ccfcda72f2f2e22f675963dd96261c19683b06dea0a0882 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_queue.pyd
| MD5 | 0e7612fc1a1fad5a829d4e25cfa87c4f |
| SHA1 | 3db2d6274ce3dbe3dbb00d799963df8c3046a1d6 |
| SHA256 | 9f6965eb89bbf60df0c51ef0750bbd0655675110d6c42eca0274d109bd9f18a8 |
| SHA512 | 52c57996385b9a573e3105efa09fd6fd24561589b032ef2b2ee60a717f4b33713c35989f2265669f980646d673e3c387b30b9fc98033bb8ca7c59ece1c17e517 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_overlapped.pyd
| MD5 | a752451482e3a12bb548d671dfdb8b45 |
| SHA1 | cd1b4b5fb4bd967a88f22a309fc4f91df2c5a6e9 |
| SHA256 | 6c415e1ff4c4cc218c8b3df6678f1eab8d4206bd269f68512910fa04b64b8f22 |
| SHA512 | 841408f1e01ac372e80882fd2e38207a92a26d5c445172ddc776279e5b08572b72a88011402d644135db145fd0893278999a09db15cc18920103b90fdb76de56 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_multiprocessing.pyd
| MD5 | 9e1a8a2209262745323a3087e3ca5356 |
| SHA1 | db5db846be89ed930291afd3e0b5ee31f3e8a50e |
| SHA256 | f7bc9e58a91241d120998e2125173b8ce05fb178e4c77825bcae0f9afd751769 |
| SHA512 | bb5741285b773b36a2c24f15d28d172cb96220a662111a587f5ea6a9652a3e09b4795737ae8d2785243990039ebb8f7a597423e3dbd9a69a9cc4917222fa65e7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_hashlib.pyd
| MD5 | 4ae75c47dbdebaa16a596f31b27abd9e |
| SHA1 | a11f963139c715921dedd24bc957ab6d14788c34 |
| SHA256 | 2308ee238cc849b1110018b211b149d607bf447f4e4c1e61449049eab0cf513d |
| SHA512 | e908fecb52268fac71933e2fdb96e539bdebe4675dfb50065aee26727bac53e07cca862193bcb3ab72d2ae62d660113a47e73e1e16db401480e4d3fd34d54fa8 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_elementtree.pyd
| MD5 | ad2229ca1802fc2408b59d9ec9460cea |
| SHA1 | f090c8647c2f21c2d46384b9562238559846d793 |
| SHA256 | d175def644ad25a6447b3c84fd0aafd75f8f9adf177f3ae9c78d61bfed04b8a0 |
| SHA512 | 7168cf9ca6ac49f935303e741b3f0e4edee384a2fa64fb4100eebda0e012b4b5aa1a08acba62643debc638c25c6462393ddcd132f7a02c5ed207cd37fda8d895 |
memory/3216-1330-0x00007FF846900000-0x00007FF8469B8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_decimal.pyd
| MD5 | f65d2fed5417feb5fa8c48f106e6caf7 |
| SHA1 | 9260b1535bb811183c9789c23ddd684a9425ffaa |
| SHA256 | 574fe8e01054a5ba07950e41f37e9cf0aea753f20fe1a31f58e19202d1f641d8 |
| SHA512 | 030502fa4895e0d82c8cce00e78831fc3b2e6d956c8cc3b9fb5e50cb23ef07cd6942949a9f16d02da6908523d9d4ef5f722fb1336d4a80cd944c9f0cb11239ab |
memory/3216-1333-0x00007FF856C10000-0x00007FF856C36000-memory.dmp
memory/3216-1334-0x00007FF8467E0000-0x00007FF8468F8000-memory.dmp
memory/3216-1332-0x00007FF856E00000-0x00007FF856E0B000-memory.dmp
memory/3216-1331-0x00007FF857240000-0x00007FF85724D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_cffi_backend.cp310-win_amd64.pyd
| MD5 | d968ebcdbec08ebaa42356ca155ac6a1 |
| SHA1 | 7953a0a9c7c38349d629968a1dbd7e3bf9e9933c |
| SHA256 | 670379d72b8ac580f237a7236c4b51933b2576e8dd7689e09b9e58d55818a979 |
| SHA512 | 5dbfb6e928f8b96d03dd4dabf2c21f8e22a3e0983152c167e768e9e1b6771432d706d5250032ba3ffb067198fb2a18bf3e05b09ddbc84c2ec945f3d865a57ef7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_asyncio.pyd
| MD5 | bac1b37093d9a3d8a69c4449067daf79 |
| SHA1 | 6debc17c8446915b7413685da449f028cf284549 |
| SHA256 | b4130ab50e425027634a8a4c01c320a70b8529f2988c3a7fb053e07847b68089 |
| SHA512 | 24e108ed396c15fe70a4c915a5adadbfaddacab93d20109574b2f3875ed76225f2444098f2f2c47613f5df16d31c5c93dcc77f5af7b6d9b7739d1e392260ec59 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\zlib1.dll
| MD5 | ee06185c239216ad4c70f74e7c011aa6 |
| SHA1 | 40e66b92ff38c9b1216511d5b1119fe9da6c2703 |
| SHA256 | 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466 |
| SHA512 | baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\VCRUNTIME140_1.dll
| MD5 | bba9680bc310d8d25e97b12463196c92 |
| SHA1 | 9a480c0cf9d377a4caedd4ea60e90fa79001f03a |
| SHA256 | e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab |
| SHA512 | 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\unicodedata.pyd
| MD5 | 7a462a10aa1495cef8bfca406fb3637e |
| SHA1 | 6dcbd46198b89ef3007c76deb42ab10ba4c4cf40 |
| SHA256 | 459bca991fcb88082d49d22cc6ebffe37381a5bd3efcc77c5a52f7a4bb3184c0 |
| SHA512 | d2b7c6997b4bd390257880a6f3336e88d1dd7159049811f8d7c54e3623e9b033e18e8922422869c81de72fc8c10890c173d8a958d192dd03bfc57cffaea1ac7b |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\tk86t.dll
| MD5 | 19adc6ec8b32110665dffe46c828c09f |
| SHA1 | 964eca5250e728ea2a0d57dda95b0626f5b7bf09 |
| SHA256 | 6d134200c9955497c5829860f7373d99eec8cbe4936c8e777b996da5c3546ba7 |
| SHA512 | 4baa632c45a97dc2ca0f0b52fd3882d083b9d83a88e0fa2f29b269e16ad7387029423839756ee052348589b216509a85f5d6ee05a1e8a1850ce5d673ae859c27 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\tcl86t.dll
| MD5 | 2ac611c106c5271a3789c043bf36bf76 |
| SHA1 | 1f549bff37baf84c458fc798a8152cc147aadf6e |
| SHA256 | 7410e4e74a3f5941bb161fc6fc8675227de2ad28a1cec9b627631faa0ed330e6 |
| SHA512 | 3763a63f45fc48f0c76874704911bcefe0ace8d034f9af3ea1401e60aa993fda6174ae61b951188bec009a14d7d33070b064e1293020b6fd4748bee5c35bbd08 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\sqlite3.dll
| MD5 | bd2819965b59f015ec4233be2c06f0c1 |
| SHA1 | cff965068f1659d77be6f4942ca1ada3575ca6e2 |
| SHA256 | ab072d20cee82ae925dae78fd41cae7cd6257d14fd867996382a69592091d8ec |
| SHA512 | f7758bd71d2ad236bf3220db0ad26f3866d9977eab311a5912f6e079b59fa918735c852de6dbf7b5fee9e04124bc0cd438c4c71edc0c04309330108ba0085d59 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2_ttf.dll
| MD5 | eb0ce62f775f8bd6209bde245a8d0b93 |
| SHA1 | 5a5d039e0c2a9d763bb65082e09f64c8f3696a71 |
| SHA256 | 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a |
| SHA512 | 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2_mixer.dll
| MD5 | b7b45f61e3bb00ccd4ca92b2a003e3a3 |
| SHA1 | 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc |
| SHA256 | 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095 |
| SHA512 | d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2_image.dll
| MD5 | 25e2a737dcda9b99666da75e945227ea |
| SHA1 | d38e086a6a0bacbce095db79411c50739f3acea4 |
| SHA256 | 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c |
| SHA512 | 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8 |
memory/3216-1335-0x00007FF852AB0000-0x00007FF852AE8000-memory.dmp
memory/3216-1336-0x00007FF8563D0000-0x00007FF8563DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\SDL2.dll
| MD5 | 2b13a3f2fc8f9cdb3161374c4bc85f86 |
| SHA1 | 9039a90804dba7d6abb2bcf3068647ba8cab8901 |
| SHA256 | 110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6 |
| SHA512 | 2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\pyexpat.pyd
| MD5 | 9cbd08544dce0712557d8ab3fa0d2d15 |
| SHA1 | cff5ea26bd61330146451390d6cecbda1c102c57 |
| SHA256 | 77813956d86430e1d850989eca1ace8641b7523ecbe1de825bd2fd7094f15f2c |
| SHA512 | e9879b10f26b4205d389de77a978135d285339d971ddae6050cd8453aecf7ed8e39834a685c77aa1beddb8d7d922f4390278c772beb9cd0bfbd7cc8a77c7fc90 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\portmidi.dll
| MD5 | 0df0699727e9d2179f7fd85a61c58bdf |
| SHA1 | 82397ee85472c355725955257c0da207fa19bf59 |
| SHA256 | 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61 |
| SHA512 | 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libwebp-7.dll
| MD5 | b0dd211ec05b441767ea7f65a6f87235 |
| SHA1 | 280f45a676c40bd85ed5541ceb4bafc94d7895f3 |
| SHA256 | fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e |
| SHA512 | eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libtiff-5.dll
| MD5 | ebad1fa14342d14a6b30e01ebc6d23c1 |
| SHA1 | 9c4718e98e90f176c57648fa4ed5476f438b80a7 |
| SHA256 | 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca |
| SHA512 | 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libssl-1_1.dll
| MD5 | eac369b3fde5c6e8955bd0b8e31d0830 |
| SHA1 | 4bf77158c18fe3a290e44abd2ac1834675de66b4 |
| SHA256 | 60771fb23ee37b4414d364e6477490324f142a907308a691f3dd88dc25e38d6c |
| SHA512 | c51f05d26fda5e995fe6763877d4fcdb89cd92ef2d6ee997e49cc1ee7a77146669d26ec00ad76f940ef55adae82921dede42e55f51bd10d1283ecfe7c5009778 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libpng16-16.dll
| MD5 | 55009dd953f500022c102cfb3f6a8a6c |
| SHA1 | 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb |
| SHA256 | 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2 |
| SHA512 | 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libopusfile-0.dll
| MD5 | 2d5274bea7ef82f6158716d392b1be52 |
| SHA1 | ce2ff6e211450352eec7417a195b74fbd736eb24 |
| SHA256 | 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5 |
| SHA512 | 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libopus-0.x64.dll
| MD5 | e56f1b8c782d39fd19b5c9ade735b51b |
| SHA1 | 3d1dc7e70a655ba9058958a17efabe76953a00b4 |
| SHA256 | fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732 |
| SHA512 | b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libopus-0.dll
| MD5 | 3fb9d9e8daa2326aad43a5fc5ddab689 |
| SHA1 | 55523c665414233863356d14452146a760747165 |
| SHA256 | fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491 |
| SHA512 | f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libogg-0.dll
| MD5 | 0d65168162287df89af79bb9be79f65b |
| SHA1 | 3e5af700b8c3e1a558105284ecd21b73b765a6dc |
| SHA256 | 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24 |
| SHA512 | 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libmodplug-1.dll
| MD5 | 2bb2e7fa60884113f23dcb4fd266c4a6 |
| SHA1 | 36bbd1e8f7ee1747c7007a3c297d429500183d73 |
| SHA256 | 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b |
| SHA512 | 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libjpeg-9.dll
| MD5 | c22b781bb21bffbea478b76ad6ed1a28 |
| SHA1 | 66cc6495ba5e531b0fe22731875250c720262db1 |
| SHA256 | 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd |
| SHA512 | 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libcrypto-1_1.dll
| MD5 | daa2eed9dceafaef826557ff8a754204 |
| SHA1 | 27d668af7015843104aa5c20ec6bbd30f673e901 |
| SHA256 | 4dab915333d42f071fe466df5578fd98f38f9e0efa6d9355e9b4445ffa1ca914 |
| SHA512 | 7044715550b7098277a015219688c7e7a481a60e4d29f5f6558b10c7ac29195c6d5377dc234da57d9def0c217bb3d7feca332a64d632ca105503849f15e057ea |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\freetype.dll
| MD5 | 04a9825dc286549ee3fa29e2b06ca944 |
| SHA1 | 5bed779bf591752bb7aa9428189ec7f3c1137461 |
| SHA256 | 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde |
| SHA512 | 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\crypto_clipper.json
| MD5 | 8bff94a9573315a9d1820d9bb710d97f |
| SHA1 | e69a43d343794524b771d0a07fd4cb263e5464d5 |
| SHA256 | 3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7 |
| SHA512 | d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_lzma.pyd
| MD5 | 6f810f46f308f7c6ccddca45d8f50039 |
| SHA1 | 6ee24ff6d1c95ba67e1275bb82b9d539a7f56cea |
| SHA256 | 39497259b87038e86c53e7a39a0b5bbbfcebe00b2f045a148041300b31f33b76 |
| SHA512 | c692367a26415016e05ebe828309d3ffec290c6d2fd8cc7419d529a51b0beda00ccdc327c9f187ae3ca0cc96336d23d84a8ff95b729c8958b14fb91b6da9e878 |
memory/3216-1275-0x00007FF856EA0000-0x00007FF856EB9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI43562\select.pyd
| MD5 | 666358e0d7752530fc4e074ed7e10e62 |
| SHA1 | b9c6215821f5122c5176ce3cf6658c28c22d46ba |
| SHA256 | 6615c62fa010bfba5527f5da8af97313a1af986f8564277222a72a1731248841 |
| SHA512 | 1d3d35c095892562ddd2868fbd08473e48b3bb0cb64ef9ccc5550a06c88dda0d82383a1316b6c5584a49ca28ed1ef1e5ca94ec699a423a001ccd952bd6bd553d |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_lzma.pyd
| MD5 | 6f810f46f308f7c6ccddca45d8f50039 |
| SHA1 | 6ee24ff6d1c95ba67e1275bb82b9d539a7f56cea |
| SHA256 | 39497259b87038e86c53e7a39a0b5bbbfcebe00b2f045a148041300b31f33b76 |
| SHA512 | c692367a26415016e05ebe828309d3ffec290c6d2fd8cc7419d529a51b0beda00ccdc327c9f187ae3ca0cc96336d23d84a8ff95b729c8958b14fb91b6da9e878 |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\_bz2.pyd
| MD5 | 93fe6d3a67b46370565db12a9969d776 |
| SHA1 | ff520df8c24ed8aa6567dd0141ef65c4ea00903b |
| SHA256 | 92ec61ca9ac5742e0848a6bbb9b6b4cda8e039e12ab0f17fb9342d082dde471b |
| SHA512 | 5c91b56198a8295086c61b4f4e9f16900a7ec43ca4b84e793bc8a3fc8676048cab576e936515bf2971318c7847f1314674b3336fe83b1734f9f70d09615519ac |
C:\Users\Admin\AppData\Local\Temp\_MEI43562\libffi-7.dll
| MD5 | 6f818913fafe8e4df7fedc46131f201f |
| SHA1 | bbb7ba3edbd4783f7f973d97b0b568cc69cadac5 |
| SHA256 | 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56 |
| SHA512 | 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639 |
memory/3216-1271-0x00007FF858F30000-0x00007FF858F54000-memory.dmp
memory/3216-1337-0x00007FF856240000-0x00007FF85624C000-memory.dmp
memory/3216-1339-0x00007FF84DDE0000-0x00007FF84DDEC000-memory.dmp
memory/3216-1338-0x00007FF84FF40000-0x00007FF84FF4B000-memory.dmp
memory/3216-1340-0x00007FF84DDD0000-0x00007FF84DDDB000-memory.dmp
memory/3216-1341-0x00007FF84D740000-0x00007FF84D74C000-memory.dmp
memory/3216-1342-0x00007FF84D730000-0x00007FF84D73D000-memory.dmp
memory/3216-1343-0x00007FF84D720000-0x00007FF84D72E000-memory.dmp
memory/3216-1345-0x00007FF84D6F0000-0x00007FF84D6FB000-memory.dmp
memory/3216-1344-0x00007FF84D700000-0x00007FF84D70C000-memory.dmp
memory/3216-1346-0x00007FF84D6E0000-0x00007FF84D6EB000-memory.dmp
memory/3216-1347-0x00007FF8483C0000-0x00007FF8483CC000-memory.dmp
memory/3216-1348-0x00007FF8483B0000-0x00007FF8483BC000-memory.dmp
memory/3216-1349-0x00007FF8483A0000-0x00007FF8483AD000-memory.dmp
memory/3216-1351-0x00007FF848370000-0x00007FF84837C000-memory.dmp
memory/3216-1352-0x00007FF848360000-0x00007FF848370000-memory.dmp
memory/3216-1350-0x00007FF848380000-0x00007FF848392000-memory.dmp
memory/3216-1354-0x00007FF856E70000-0x00007FF856E9D000-memory.dmp
memory/3216-1353-0x00007FF85C300000-0x00007FF85C30F000-memory.dmp
memory/3216-1356-0x00007FF856B10000-0x00007FF856B1B000-memory.dmp
memory/3216-1355-0x00007FF8469C0000-0x00007FF846D35000-memory.dmp
memory/3216-1357-0x00007FF84D710000-0x00007FF84D71C000-memory.dmp
memory/3216-1358-0x00007FF848190000-0x00007FF8481A5000-memory.dmp
memory/3216-1359-0x00007FF847B90000-0x00007FF847BA4000-memory.dmp
memory/3216-1360-0x00007FF847B60000-0x00007FF847B82000-memory.dmp
memory/3216-1361-0x00007FF847970000-0x00007FF847989000-memory.dmp
memory/3216-1362-0x00007FF8477E0000-0x00007FF8477F1000-memory.dmp
memory/3216-1364-0x00007FF846730000-0x00007FF84674C000-memory.dmp
memory/3216-1363-0x00007FF847960000-0x00007FF84796A000-memory.dmp
memory/3216-1365-0x00007FF846670000-0x00007FF84669E000-memory.dmp
memory/3216-1366-0x00007FF8464D0000-0x00007FF846641000-memory.dmp
memory/3216-1367-0x00007FF847990000-0x00007FF8479A7000-memory.dmp
memory/3216-1368-0x00007FF847800000-0x00007FF847849000-memory.dmp
memory/3216-1370-0x00007FF8466A0000-0x00007FF8466C9000-memory.dmp
memory/3216-1369-0x00007FF8466D0000-0x00007FF84672D000-memory.dmp
memory/3216-1373-0x00007FF8464A0000-0x00007FF8464AB000-memory.dmp
memory/3216-1372-0x00007FF8464B0000-0x00007FF8464C8000-memory.dmp
memory/3216-1371-0x00007FF846650000-0x00007FF84666F000-memory.dmp
memory/3216-1374-0x00007FF846490000-0x00007FF84649C000-memory.dmp
memory/3216-1375-0x00007FF846480000-0x00007FF84648B000-memory.dmp
memory/3216-1376-0x00007FF846470000-0x00007FF84647C000-memory.dmp
memory/3216-1377-0x00007FF846460000-0x00007FF84646B000-memory.dmp
memory/3216-1378-0x00007FF846450000-0x00007FF84645C000-memory.dmp
memory/3216-1379-0x00007FF846440000-0x00007FF84644D000-memory.dmp
memory/3216-1381-0x00007FF846420000-0x00007FF84642C000-memory.dmp
memory/3216-1380-0x00007FF846430000-0x00007FF84643E000-memory.dmp
memory/3216-1382-0x00007FF846410000-0x00007FF84641C000-memory.dmp
memory/3216-1383-0x00007FF846400000-0x00007FF84640B000-memory.dmp
memory/3216-1384-0x00007FF8463F0000-0x00007FF8463FB000-memory.dmp
memory/3216-1385-0x00007FF8463E0000-0x00007FF8463EC000-memory.dmp
memory/3216-1386-0x00007FF8463D0000-0x00007FF8463DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ehuxqmh.jxp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3216-1519-0x00007FF846D40000-0x00007FF8471AE000-memory.dmp
memory/3216-1520-0x00007FF858F30000-0x00007FF858F54000-memory.dmp
memory/3216-1521-0x00007FF85C300000-0x00007FF85C30F000-memory.dmp
memory/3216-1522-0x00007FF856EA0000-0x00007FF856EB9000-memory.dmp
memory/3216-1523-0x00007FF856E70000-0x00007FF856E9D000-memory.dmp
memory/3216-1524-0x00007FF856E10000-0x00007FF856E24000-memory.dmp
memory/3216-1525-0x00007FF8469C0000-0x00007FF846D35000-memory.dmp
memory/3216-1527-0x00007FF8589C0000-0x00007FF8589CD000-memory.dmp
memory/3216-1526-0x00007FF856CE0000-0x00007FF856CF9000-memory.dmp
memory/3216-1529-0x00007FF846900000-0x00007FF8469B8000-memory.dmp
memory/3216-1530-0x00007FF857240000-0x00007FF85724D000-memory.dmp
memory/3216-1531-0x00007FF856E00000-0x00007FF856E0B000-memory.dmp
memory/3216-1532-0x00007FF856C10000-0x00007FF856C36000-memory.dmp
memory/3216-1528-0x00007FF856CB0000-0x00007FF856CDE000-memory.dmp
memory/3216-1533-0x00007FF8467E0000-0x00007FF8468F8000-memory.dmp
memory/3216-1534-0x00007FF852AB0000-0x00007FF852AE8000-memory.dmp
memory/3216-1535-0x00007FF848190000-0x00007FF8481A5000-memory.dmp
memory/3216-1536-0x00007FF848360000-0x00007FF848370000-memory.dmp
memory/3216-1538-0x00007FF847B60000-0x00007FF847B82000-memory.dmp
memory/3216-1537-0x00007FF847B90000-0x00007FF847BA4000-memory.dmp
memory/3216-1539-0x00007FF847990000-0x00007FF8479A7000-memory.dmp
memory/3216-1540-0x00007FF847970000-0x00007FF847989000-memory.dmp
memory/3216-1541-0x00007FF847800000-0x00007FF847849000-memory.dmp
memory/3216-1542-0x00007FF8477E0000-0x00007FF8477F1000-memory.dmp
memory/3216-1543-0x00007FF847960000-0x00007FF84796A000-memory.dmp
memory/3216-1544-0x00007FF846730000-0x00007FF84674C000-memory.dmp
memory/3216-1545-0x00007FF8466D0000-0x00007FF84672D000-memory.dmp
memory/3216-1546-0x00007FF8466A0000-0x00007FF8466C9000-memory.dmp
memory/3216-1547-0x00007FF846670000-0x00007FF84669E000-memory.dmp
memory/3216-1548-0x00007FF846650000-0x00007FF84666F000-memory.dmp
memory/3216-1549-0x00007FF8464D0000-0x00007FF846641000-memory.dmp
memory/3216-1550-0x00007FF8464B0000-0x00007FF8464C8000-memory.dmp
memory/3216-1551-0x00007FF8460E0000-0x00007FF846114000-memory.dmp
memory/3216-1552-0x00007FF846020000-0x00007FF8460DC000-memory.dmp
memory/3216-1554-0x00007FF845D60000-0x00007FF845FE3000-memory.dmp
memory/3216-1553-0x00007FF845FF0000-0x00007FF84601B000-memory.dmp
memory/3216-1555-0x00007FF8456F0000-0x00007FF845D58000-memory.dmp
memory/3216-1556-0x00007FF845690000-0x00007FF8456E5000-memory.dmp
memory/3216-1557-0x00007FF845380000-0x00007FF84565F000-memory.dmp
memory/3216-1558-0x00007FF843280000-0x00007FF845373000-memory.dmp
memory/3216-1559-0x00007FF843260000-0x00007FF843277000-memory.dmp
memory/3216-1560-0x00007FF843230000-0x00007FF843251000-memory.dmp
memory/3216-1561-0x00007FF843200000-0x00007FF843222000-memory.dmp
memory/3216-1562-0x00007FF843160000-0x00007FF8431FC000-memory.dmp
memory/3216-1563-0x00007FF843130000-0x00007FF843160000-memory.dmp
memory/3216-1565-0x00007FF8430A0000-0x00007FF8430E8000-memory.dmp
memory/3216-1564-0x00007FF8430F0000-0x00007FF843123000-memory.dmp
memory/3216-1567-0x00007FF843080000-0x00007FF84309A000-memory.dmp
memory/3216-1656-0x00007FF843040000-0x00007FF84305D000-memory.dmp
memory/3216-1657-0x00007FF843020000-0x00007FF843033000-memory.dmp
memory/3216-1664-0x00007FF842F60000-0x00007FF843014000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI38322\cryptography-41.0.5.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
memory/3216-1701-0x00007FF842B30000-0x00007FF842F3F000-memory.dmp
memory/3216-1707-0x00007FF842A90000-0x00007FF842B27000-memory.dmp
memory/3216-1714-0x00007FF842A40000-0x00007FF842A8B000-memory.dmp
memory/3216-1693-0x00007FF842F40000-0x00007FF842F5A000-memory.dmp
memory/3216-1650-0x00007FF843060000-0x00007FF843079000-memory.dmp
memory/3216-1715-0x000002BAAF1B0000-0x000002BAB10A3000-memory.dmp
memory/3216-1763-0x00007FF840A90000-0x00007FF840B39000-memory.dmp
memory/3216-1791-0x00007FF83F020000-0x00007FF83F246000-memory.dmp
memory/3216-1795-0x00007FF840A10000-0x00007FF840A8B000-memory.dmp
memory/3216-1796-0x00007FF83FA00000-0x00007FF83FA89000-memory.dmp
memory/3216-1797-0x00007FF83F9B0000-0x00007FF83F9F8000-memory.dmp
memory/3216-1846-0x00007FF83F960000-0x00007FF83F9A4000-memory.dmp
memory/3216-1859-0x00007FF83F910000-0x00007FF83F952000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jumpscare.mp4
| MD5 | 5ac44ced534a47dc15b18990d8af0e49 |
| SHA1 | 11add282a818408965d4455333a7d3d6e30923f1 |
| SHA256 | bea9d33028271f219a9c1786489dbfe8fa7191ba2fe2fbf8bd291130889a6448 |
| SHA512 | 0ac4256e7dcc6697e7bb6d118a6cd6dbbfe2601a6487512d2c0ca3d73bc6ed4bc3f61d1c76e1c4316ec15c6bc3c5749fd8faf8636bc556a16844811586e21998 |
C:\Users\Admin\folderppa\ss.png
| MD5 | be9783016e10fa842b77e1edba73b61c |
| SHA1 | 696381084381866e1361147441689940c61302ab |
| SHA256 | 52babb1ca1cfa0c0fdeaaa74ecfa9186a963c0f48a5e83807df565ca1220cb52 |
| SHA512 | e47e4d1035980ceb93f5329314d27d8162074af0e1e4e344b2bc37cdd274809bbd18cdd6c81276bd3c5a3febd7ff35e304dd5513270e212ec8cd8ffc20862411 |
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.FrU684
| MD5 | ae94903b853f079589e8af69a4ef186e |
| SHA1 | c36cebebc2705336c3e3467d7d89f82c076a7117 |
| SHA256 | bb4d6e0ac3a2292608774645e6c54a8d23192b138c72907e44201ed4ccf34fa9 |
| SHA512 | 8adcd2c52988ec157634717d04d5ed8a0c72f1fe979d7e642097dd53173c75d6818acd6cec7ae472acfa77a4b7d31479aeb9dc5d658bcc4f40d056ee23960f75 |
C:\Users\Admin\folderppa\ss.png
| MD5 | cba891dcb5c235616cf1bf5b6eb77dcf |
| SHA1 | 2fc0b7f7b7e6dd0a219ac856315549ccf2366da2 |
| SHA256 | 44eed918dda132299352d7404c28e16f7f8c8f53fe431d6f2489b86c788f74a7 |
| SHA512 | cb9399b43f4daae18b704566f10c8aba8e631011c142cc6a16fc12169578d598bd719f6fabb9737e6a2531cde138dc2e5c206d980d8924c6f377bd2261168cb4 |
C:\Users\Admin\folderppa\rec_\22.11.2023_20.56.wav
| MD5 | b00580dbc88962975a4ed271d22cd391 |
| SHA1 | dcccc22ba97d7ce320ab98ea3f0245cf80a2b839 |
| SHA256 | ec32bc9ba1963e716ba7f23bc1170068c2e8a7e3c5bc83ea9fef95242e8cde89 |
| SHA512 | 1d83e0d44b84f3bac7efc18c14d3e198daab1618caffc8ebc490962cce52fd586d09d9187ea49e3f0274cf61fd5c2176edf9c1d8ce203752bfe65bf32714c7c1 |
C:\Users\Admin\folderppa\ss.png
| MD5 | 857cf5a66e937a9a139ec31cdc9106e9 |
| SHA1 | 6c557130f303ab429a06bf9fa4b249579b35f8b8 |
| SHA256 | 7efdbbfeb59ec43fc9584c5027bfb5a906d7980f68ffa20f617083617c6cf574 |
| SHA512 | 9b4f912380f7120c28bf24cd2c87887bd533845b6aa94e6b9de0ce44df6497741f917697ccc7fa72b245fdc1ceadb49747e48f514d74e2a941de93256ecf608c |