Malware Analysis Report

2025-01-18 21:12

Sample ID 240325-c8kj1sha3v
Target dd0bd857c066bfb0529440edf8b3b60d
SHA256 d402e2fcaca8d00d0fc5dc7ba610f2a3f9f65c42c8090658088beb6c5592aacf
Tags adware stealer
Score 7/10

Analysis Overview

Score 7/10

SHA256 d402e2fcaca8d00d0fc5dc7ba610f2a3f9f65c42c8090658088beb6c5592aacf

Threat Level: Shows suspicious behavior

The file dd0bd857c066bfb0529440edf8b3b60d was found to show suspicious behavior.

Malicious Activity Summary

adware stealer

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

Drops file in System32 directory

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported 2024-03-25 02:44

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-03-25 02:44

Reported 2024-03-25 02:47

Platform win7-20240221-en

Max time kernel 1s

Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A

Installs/modifies Browser Helper Object

Tags stealer adware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File created | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1704 wrote to memory of 2000 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\cmd.exe
PID 1704 wrote to memory of 2000 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\cmd.exe
PID 1704 wrote to memory of 2000 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\cmd.exe
PID 1704 wrote to memory of 2000 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\cmd.exe
PID 1704 wrote to memory of 4112 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 1704 wrote to memory of 4112 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 1704 wrote to memory of 4112 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 1704 wrote to memory of 4112 | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4112 wrote to memory of 4188 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4112 wrote to memory of 4188 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4112 wrote to memory of 4188 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4112 wrote to memory of 4188 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4112 wrote to memory of 4244 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4112 wrote to memory of 4244 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4112 wrote to memory of 4244 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4112 wrote to memory of 4244 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4244 wrote to memory of 4304 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4244 wrote to memory of 4304 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4244 wrote to memory of 4304 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4244 wrote to memory of 4304 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 4244 wrote to memory of 5680 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4244 wrote to memory of 5680 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4244 wrote to memory of 5680 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 4244 wrote to memory of 5680 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 5680 wrote to memory of 5740 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5680 wrote to memory of 5740 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5680 wrote to memory of 5740 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5680 wrote to memory of 5740 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5680 wrote to memory of 5792 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 5680 wrote to memory of 5792 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 5680 wrote to memory of 5792 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 5680 wrote to memory of 5792 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe
PID 5792 wrote to memory of 5844 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5792 wrote to memory of 5844 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5792 wrote to memory of 5844 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe
PID 5792 wrote to memory of 5844 | N/A | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe

"C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259399741.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400116.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400194.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400506.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400864.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259404406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259410271.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259430973.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259431441.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259432579.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259435762.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259465215.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259445215.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259468070.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259475729.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259481221.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259499254.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259503092.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259506602.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259513560.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259534386.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259531640.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259541016.bat

Network

N/A

Files

memory/1704-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD259399741.bat

MD5 09517fc62284f33e877a276463580bd1
SHA1 0b14fe1db4493818f9de0bf2a56ee5370b8d479a
SHA256 6cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238
SHA512 1b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d

C:\Windows\SysWOW64\s2da2f323.dll

MD5 2402303b6685d30f85acec2901b63013
SHA1 6a62f58a7cba15b8640d1585c95f62898e1ecf88
SHA256 18840ede56e3750980750e753d28eb29e17157905c93971b174e056c04ddf478
SHA512 89d2add5b900b97c4b59893375cf4d9ef819735d8a39932dbcf69b1cae51550fc8a35c1f506dba8351e7ab9c9bf38cedfaca2193ec4c0e011945ea36758ff400

\Windows\SysWOW64\simyaapi.exe

MD5 dd0bd857c066bfb0529440edf8b3b60d
SHA1 e9ec9ed4a053f8349c961817bcd8a1edc47cfb5f
SHA256 d402e2fcaca8d00d0fc5dc7ba610f2a3f9f65c42c8090658088beb6c5592aacf
SHA512 859f7a6b6c527f0ccec07000a9524665501fae9bcfbce1ffc004fef6c27201f0771d036299f614a25ef7a11d997ee795c69150f98d78091d5c1072c763a7a9c4

memory/1704-1026-0x0000000000260000-0x000000000027C000-memory.dmp

memory/1704-1032-0x0000000000260000-0x000000000027C000-memory.dmp

memory/4112-1034-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 eeb404afadb048314fbe477d290565ec
SHA1 d37bea83e3645a29b17ef70daf17871108efc256
SHA256 8693bc67164416add5786c37eb24c33897c59fc0597eb0b12391b84776873c1e
SHA512 f460aa147dce30fae9b4d7d844010a023b779d5865fa1a044d18b9ec8809e1766335dc45cfed25c1d5537bc0fceacbb3be331cc4a26e61abf2a92dd0ac9d1fc1

C:\Windows\SysWOW64\s2da2f323.dll

MD5 265de060d4943474036b521641245800
SHA1 d3f06f497d5f172bc11a95a50662e2c3477914bc
SHA256 a3320e2d246b3133af7983b2d6e0fc226e42cbc6cd5f83a9d436229d81225f13
SHA512 53d697c5e0f5459b1afd9e031188d3b5b2c53e248cb8c36c2438fa84e04325332ad4a44e79f5250fce5f06361757d95bf2d5c4a2b6d55985cd22c62cbb3fa82d

memory/4112-1054-0x0000000000380000-0x000000000039C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 efc7d109e44305ca026668a0181ad3a4
SHA1 810116abcb094a578edb82fc1c2e1968dfdee780
SHA256 62180544f0a1997364c03639db0eb7e3ce64499775f81606da3264f48e7afa7f
SHA512 c9a26d47b2f5c58f477e4c9b13f38b293f1f71caf4bda5b1210f84ceca28637e9ad150b3866c6666e17d0907d8e0f52e437fadc3f73a5edb483c9eacf52c96be

memory/4244-2076-0x0000000000220000-0x000000000023C000-memory.dmp

memory/5680-2079-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 bff59449d42ada90f840dbfb976aec2b
SHA1 de90a78ec0151eb58f3909d24c842cec669c5155
SHA256 398882fe35b9864fa07c176f80cabd87379e297a6256fc5bf28310a6ba966ddb
SHA512 44091da6fb8e4af672b90068695cd1b66b641e8d1b7fa8ddd008f7feead6b3d271132acdf0308e653b68b9be63493bdfd807d1e9a94358ae0e25c9a9d8e50313

C:\Windows\SysWOW64\spmybapi.sys

MD5 8a6e47bfc58b251959e7ebf075693fba
SHA1 db845e3dcadaec204fd5fc995146c3091e4f65d0
SHA256 355f5a0b4065f9fb46a6982e3a6c1f14df8d62e1fcb48100ce486063bfe04c17
SHA512 aae00f0de8663c1b2c09518ea40da3f4e3b7bf38ba10d2a26c5303227cbb39f4988ee4d9cfad6d2b752bcaf960db92ea68ea8a42be90f0e55f4496e0e97f25d8

memory/5792-3122-0x0000000000260000-0x000000000027C000-memory.dmp

memory/5792-3138-0x0000000000260000-0x000000000027C000-memory.dmp

memory/5680-2451-0x0000000000260000-0x000000000027C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 c860b2f4c85deba886dd6f1ab08d1b5e
SHA1 47528b49f157bd6f1f09afb345aec0230dd7f88b
SHA256 70ec523c08a0a7940216ad8921d70d32ba5192158afd0eba5437e95d4ad37f63
SHA512 15b1ee582f63d4e4e9bf9710d0f929c2bd00d9eaaafbf7684a163651e636731773ffb10b082b6eadce46a582767da85b7245ba9eba5b4868b6bf24d152368609

memory/4244-2093-0x0000000000220000-0x000000000023C000-memory.dmp

memory/4112-1052-0x0000000000380000-0x000000000039C000-memory.dmp

memory/5376-4162-0x0000000000260000-0x000000000027C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD259431441.bat

MD5 8dadf8ce78352e9645dd4e88f23c2745
SHA1 92a445f8a94480f1eb5c382c802743d5efb6ab56
SHA256 0128ae46611ae0b3d1a3a12b00f5ffddcc3e64449a6c32cf1d6b7ff0388cd1c7
SHA512 c8bbf95ba1fe598b1a60ce08f70da856ed5a9e15f53b493d823bf39ce56dc393631374f530603e416b57af1e8609549d64ebc578eccafddf3208baa224b7d667

memory/5508-4205-0x0000000000420000-0x000000000043C000-memory.dmp

memory/5376-4188-0x0000000000260000-0x000000000027C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 f3b72685d224d686f056f165b8d3c279
SHA1 5c51173cce0ad847d7f4667b37b4d3a2368f2852
SHA256 35a27472d438c31c5efb06663c847ffcd2520271c7344a5476977f0b2b697ffb
SHA512 7da9502be03f539e74a4c2150b06684c99c298bc54d4c9fc8f2aa602e0016e2dd0e0132b8bb5cb350e308357981036427e86f3dd8d1b4c6370cc28abfbf0bb69

memory/1704-4204-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5680-4185-0x0000000000260000-0x000000000027C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD259430973.bat

MD5 5acada48d37f71a3351c954a4bae360e
SHA1 e1f65f291cdafd9a75c4f327e7ffb2df3bfd87e1
SHA256 b01ba7391fa8e6341758139c56e20c892d5aaffdfc75bdb7628557029fd4b133
SHA512 5416c01dd6720bbff7d15150aab3152c5633437d05cf558f01994cbaed063942f1276939b6f2cbd7fecbe6992d4b84502467df95679675013aa4da874b1fcec0

C:\Windows\SysWOW64\spmybapi.sys

MD5 7d86339e724f45eae62b96af05ea99f3
SHA1 e09a24b2bd9eee772f1df710a9c2c39175d6aafb
SHA256 a740ee1e7a6483a463001597f73eadfc2965b501d0b7f5c7fda663e44b9b2539
SHA512 d01cd7eebae0a03fd247e6d383ea9c1cb764626a43708b3f9d908db580641c986640a99dd133c5b2633db9ff7d5a16fad29b5e50fe6d44d92771b353ec86eb57

memory/1704-4226-0x0000000000260000-0x000000000027C000-memory.dmp

memory/5404-4224-0x00000000005B0000-0x00000000005CC000-memory.dmp

memory/5508-4222-0x0000000000420000-0x000000000043C000-memory.dmp

memory/1704-5259-0x0000000000260000-0x000000000027C000-memory.dmp

memory/5732-5273-0x00000000002F0000-0x000000000030C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 08519d784c6cb054a887f1ed06203e66
SHA1 ad92340baae8ff064dd7b86862eb8972bbb72e86
SHA256 48ab2ab94e913997c501f6e9fbbbcdaaf8c08b3e9e9a6720f34185cef4f327eb
SHA512 b07b28d8e633612a4ef4c42daa264fd46423cb43e6694bb922014d65c277eae2a06b2840941b431c285dee3190ff0bc1b55276e43264d2226bf1400aa5460c06

memory/1580-5282-0x0000000000260000-0x000000000027C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 e9536358450a7dfa95d4e921dbe9d98a
SHA1 8b4a46985b2b6ca068d7f669c4be8daec2d30aca
SHA256 19a43dcbb3c5968929540717f195b4fcbd4ec6b3d358b85928ff818c8f4d8571
SHA512 05dbfa4b934797ea7d8565a01ec9f89761ed793adb355d95c228cf277e9d66702d36b57fd4caeb31e82775fefcc2659cae15a9b8680ee0ab7ab21b69618fb768

memory/5564-6306-0x00000000002E0000-0x00000000002FC000-memory.dmp

memory/5564-6307-0x00000000002E0000-0x00000000002FC000-memory.dmp

memory/5960-7355-0x0000000000260000-0x000000000027C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-03-25 02:44

Reported 2024-03-25 02:47

Platform win10v2004-20240226-en

Max time kernel 3s

Max time network 154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe"

Signatures

Installs/modifies Browser Helper Object

Tags stealer adware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File created | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A
File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A
File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A
File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\simyaapi.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\simyaapi.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\simyaapi.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\simyaapi.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\simyaapi.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4964 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\cmd.exe
PID 4964 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\cmd.exe
PID 4964 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\cmd.exe
PID 4964 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\simyaapi.exe
PID 4964 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\simyaapi.exe
PID 4964 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\simyaapi.exe
PID 1476 wrote to memory of 4100 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 1476 wrote to memory of 4100 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 1476 wrote to memory of 4100 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 1476 wrote to memory of 3452 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 1476 wrote to memory of 3452 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 1476 wrote to memory of 3452 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 3452 wrote to memory of 3688 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 3452 wrote to memory of 3688 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 3452 wrote to memory of 3688 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 3452 wrote to memory of 5844 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 3452 wrote to memory of 5844 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 3452 wrote to memory of 5844 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 5844 wrote to memory of 5480 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 5844 wrote to memory of 5480 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 5844 wrote to memory of 5480 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 5844 wrote to memory of 7944 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 5844 wrote to memory of 7944 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 5844 wrote to memory of 7944 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7944 wrote to memory of 8000 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7944 wrote to memory of 8000 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7944 wrote to memory of 8000 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7944 wrote to memory of 7784 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7944 wrote to memory of 7784 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7944 wrote to memory of 7784 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7784 wrote to memory of 7828 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7784 wrote to memory of 7828 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7784 wrote to memory of 7828 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7784 wrote to memory of 7700 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7784 wrote to memory of 7700 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7784 wrote to memory of 7700 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7700 wrote to memory of 7748 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7700 wrote to memory of 7748 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7700 wrote to memory of 7748 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
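
The three tables above (Files, Modifies registry class, Suspicious use of WriteProcessMemory) carry the report's actionable content: the CLSID whose InprocServer32 points at the dropped s2da2f323.dll, the files written under SysWOW64, and a lineage in which each simyaapi.exe instance launches a batch file and another copy of itself. The following script is an added example, not part of this report or of the sandbox that produced it; it parses a subset of the rows copied verbatim from the tables above into a structured IOC summary and reconstructs the parent-child chain from the "PID X wrote to memory of Y" rows. The row regexes and the "self-respawn chain" heuristic are this example's own, written against the column layout shown here, not a documented sandbox export format.

```python
"""Turn sandbox behavioural-report rows into IOCs and a process lineage.

Added example, not part of the report or of any sandbox product: the rows
below are copied from the tables above; the parser and the self-respawn
heuristic are this example's own.
"""
import re
from collections import defaultdict

# Rows copied from the report (a subset; the duplicate WriteProcessMemory row
# is left in on purpose, the sandbox logs one row per call).
ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" C:\Windows\SysWOW64\simyaapi.exe N/A',
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A',
    r'File created C:\Windows\SysWOW64\s2da2f323.dll C:\Windows\SysWOW64\simyaapi.exe N/A',
    r'File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Windows\SysWOW64\simyaapi.exe N/A',
    r'File opened for modification C:\Windows\SysWOW64\spmybapi.sys C:\Windows\SysWOW64\simyaapi.exe N/A',
    r'File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe N/A',
    r'PID 4964 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 4964 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 4964 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe C:\Windows\SysWOW64\simyaapi.exe',
    r'PID 1476 wrote to memory of 4100 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 1476 wrote to memory of 3452 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe',
    r'PID 3452 wrote to memory of 3688 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 3452 wrote to memory of 5844 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe',
    r'PID 5844 wrote to memory of 5480 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 5844 wrote to memory of 7944 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe',
    r'PID 7944 wrote to memory of 8000 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 7944 wrote to memory of 7784 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe',
    r'PID 7784 wrote to memory of 7828 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe',
    r'PID 7784 wrote to memory of 7700 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe',
    r'PID 7700 wrote to memory of 7748 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe',
]

# Column layouts as they appear in the report tables (this example's own regexes).
INPROC_RE = re.compile(r'CLSID\\(\{[0-9A-Fa-f-]+\})\\InprocServer32\\ = "([^"]+)"')
THREAD_RE = re.compile(r'InprocServer32\\ThreadingModel = "([^"]+)"')
FILE_RE = re.compile(r'^File (created|opened for modification) (\S+) (\S+) N/A$')
WPM_RE = re.compile(r'^PID (\d+) wrote to memory of (\d+) N/A (\S+) (\S+)$')


def basename(path):
    return path.rsplit('\\', 1)[-1].lower()


def parse(rows):
    """Split report rows into registry IOCs, file IOCs and process edges."""
    iocs = {'bho_clsid': None, 'bho_dll': None, 'threading_model': None,
            'files_created': set(), 'files_modified': set()}
    edges, image = set(), {}
    for row in rows:
        if m := INPROC_RE.search(row):
            iocs['bho_clsid'] = m.group(1).upper()
            # The sandbox doubles backslashes inside registry string data.
            iocs['bho_dll'] = m.group(2).replace('\\\\', '\\')
        elif m := THREAD_RE.search(row):
            iocs['threading_model'] = m.group(1)
        elif m := FILE_RE.match(row):
            key = 'files_created' if m.group(1) == 'created' else 'files_modified'
            iocs[key].add(m.group(2))
        elif m := WPM_RE.match(row):
            parent, child = int(m.group(1)), int(m.group(2))
            edges.add((parent, child))          # set() collapses repeated rows
            image[parent], image[child] = m.group(3), m.group(4)
    return iocs, edges, image


def self_respawn_chain(edges, image):
    """Longest parent->child run in which the image name never changes.

    A process that keeps launching a copy of itself is the pattern behind
    the repeated simyaapi.exe -> simyaapi.exe rows in the report.
    """
    children = defaultdict(list)
    for parent, child in edges:
        children[parent].append(child)
    best = []

    def walk(pid, path):
        nonlocal best
        path = path + [pid]
        if len(path) > len(best):
            best = path
        for child in sorted(children[pid]):
            if basename(image[child]) == basename(image[pid]):
                walk(child, path)

    for pid in sorted(image):
        walk(pid, [])
    return best


def summarize(rows=ROWS):
    """IOC summary plus lineage facts derived from the rows."""
    iocs, edges, image = parse(rows)
    roots = sorted(set(image) - {child for _, child in edges})
    chain = self_respawn_chain(edges, image)
    return {
        'bho_clsid': iocs['bho_clsid'],
        'bho_dll': iocs['bho_dll'],
        'threading_model': iocs['threading_model'],
        'files_created': sorted(iocs['files_created']),
        'files_modified': sorted(iocs['files_modified']),
        'root_pids': roots,
        'respawn_chain': chain,
        'respawn_generations': len(chain),
    }


if __name__ == '__main__':
    for key, value in summarize().items():
        print(f'{key}: {value}')
```

Fed the full tables instead of the subset embedded here, the respawn chain reflects every WriteProcessMemory row the sandbox logged. The CLSID is registered under Wow6432Node because the sample and the payload it drops are 32-bit images running from SysWOW64, so a host-side check for the InprocServer32 path must query the 32-bit registry view; the same summary gives the file paths to hunt for, including the modification of the legitimate verclsid.exe, which is worth a hash comparison against a clean copy.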

Processes

C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe

"C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240609937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610875.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611343.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611640.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240612328.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240612718.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613562.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615875.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240616203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240616578.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240616937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617328.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617640.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618359.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618765.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619140.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619718.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620000.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620515.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620890.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621218.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621531.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622093.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240623046.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240623343.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240623750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240624078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240624437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240624765.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625062.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625343.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626500.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626812.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627140.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627781.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628109.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628453.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628796.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630093.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630531.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630906.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631187.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631671.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240632078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240632421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240632718.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240633062.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240633421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240633781.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634578.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635265.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636671.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637140.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637843.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240638281.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240638687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639109.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639531.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639890.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640984.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641015.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641406.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641843.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641890.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642828.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642890.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643265.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643312.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643640.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643671.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644093.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644875.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645312.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645718.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645953.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646109.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646515.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646812.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647000.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647468.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647578.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647859.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647921.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648343.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648453.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648671.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648906.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649281.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649359.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649734.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650250.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650296.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650671.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651109.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651515.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651734.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651781.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652109.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652281.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652609.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653281.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653296.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653562.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653828.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240654171.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240654281.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240654640.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240654656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655031.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655109.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655562.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656000.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656578.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656812.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657109.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657703.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658062.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658312.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658718.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658750.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659109.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659218.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659406.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659765.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659890.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660375.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660421.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660906.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661156.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661375.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661765.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661796.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662265.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662593.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662796.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662953.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663218.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663343.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663687.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664484.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665265.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665328.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666218.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667156.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667171.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668453.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668609.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669265.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669734.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670421.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670765.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670875.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670953.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671296.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672484.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673031.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673484.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674046.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674156.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674203.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675406.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675828.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676265.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676296.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676609.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676671.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677156.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677609.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240678015.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240678062.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240678687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679546.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679859.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680156.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680187.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680265.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680281.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680375.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680406.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680609.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681015.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681203.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681250.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681343.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681453.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681484.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681515.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681546.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681578.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681796.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681843.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681968.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682125.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682218.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682203.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682250.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682281.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682312.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682531.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682734.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682937.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683015.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683156.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683328.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683437.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683468.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683578.bat
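
Read in pairs, the list above alternates the image path the sandbox resolved on disk with the command line the process was started with. Two things stand out: simyaapi.exe launches cmd.exe /c over and over on freshly named ~DF*.bat files in the user's Temp directory, and every image sits under C:\Windows\SysWOW64 while its command line names C:\Windows\system32. The second is the WOW64 file-system redirector at work: a 32-bit process that writes to System32 actually lands in SysWOW64, which is why the "Drops file in System32 directory" signature pairs with dropped files listed under SysWOW64 further down. The Python below is an added illustration, not part of the sandbox's output: it parses a constructed excerpt in the page's two-line layout, normalises the redirected paths and flags the bulk batch-file execution. The pairing rule, the ~DF filename shape and the flagging threshold are assumptions made for the example.

```python
import re

# Constructed excerpt in the layout used on this page: each process is two
# lines, the image path as resolved on disk, then the recorded command line.
# The pairing rule is an assumption about the report format, not something
# the sandbox documents here.
SAMPLE_PROCESS_LIST = r"""
C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650296.bat
"""

SYSTEM32 = "c:\\windows\\system32\\"
SYSWOW64 = "c:\\windows\\syswow64\\"

# cmd.exe /c <...>\Temp\~DF<hex>.bat : the launch shape repeated through the list
TEMP_BATCH = re.compile(
    r"^\S*\\cmd\.exe\s+/c\s+(?P<script>\S+\\Temp\\~DF[0-9A-F]+\.bat)\s*$",
    re.IGNORECASE,
)


def parse_process_list(text):
    """Return (image_path, command_line) tuples from the two-line layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image path / command line lines")
    return list(zip(lines[0::2], lines[1::2]))


def is_wow64(image_path):
    """A 32-bit process on 64-bit Windows shows its image under SysWOW64."""
    return image_path.lower().startswith(SYSWOW64)


def actual_path(path, wow64):
    """Where a System32 path named by a 32-bit process really lands.

    The WOW64 file-system redirector maps System32 to SysWOW64 for 32-bit
    code, which is why the command line says system32 while the image path
    and the dropped files sit in SysWOW64.  A few System32 subdirectories
    (catroot, catroot2, driverstore, drivers\\etc, logfiles, spool) are exempt
    from redirection; this helper ignores that detail.
    """
    if wow64 and path.lower().startswith(SYSTEM32):
        return "C:\\Windows\\SysWOW64\\" + path[len(SYSTEM32):]
    return path


def triage(text, threshold=3):
    """Summarise the list: bulk Temp batch launches and WOW64-redirected paths.

    `threshold` (distinct ~DF*.bat scripts before the run is flagged) is an
    arbitrary choice for this example.
    """
    procs = parse_process_list(text)
    scripts, redirected = [], []
    for image, cmdline in procs:
        argv0 = cmdline.split(" ", 1)[0]
        if actual_path(argv0, is_wow64(image)) != argv0:
            redirected.append((argv0, image))
        m = TEMP_BATCH.match(cmdline)
        if m:
            scripts.append(m.group("script").lower())
    distinct = len(set(scripts))
    return {
        "processes": len(procs),
        "temp_batch_launches": len(scripts),
        "distinct_batch_scripts": distinct,
        "wow64_redirected_paths": len(redirected),
        "bulk_temp_batch_execution": distinct >= threshold,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_PROCESS_LIST))
```

On the full list the distinct-script count runs into the hundreds, so the threshold is not the interesting part; what carries over to detection engineering is the shape, a single parent repeatedly spawning cmd.exe /c on short-lived batch files under %TEMP% with a fixed ~DF prefix, and the need to compare paths after WOW64 normalisation rather than as written on the command line.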

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
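
Every row in this table is a UDP packet to the Google resolver 8.8.8.8 carrying an in-addr.arpa name, that is, a reverse (PTR) lookup. "Destination" is the resolver, not the host being asked about, and the table records no connection from the sample to any remote peer, so nothing here establishes command-and-control. Whether those lookups are the sample's doing or background activity of the guest is not something the table shows either. The Python below is an added example, not part of the sandbox output: it parses a constructed subset of the table, decodes each PTR name back to the address it asks about (the octets are in reverse order), and counts anything that is not DNS.

```python
import ipaddress

# Constructed excerpt in the layout of the Network table above (a subset of
# its rows).  "Destination" is the host that received the packet, here the
# resolver, not the address being looked up.
SAMPLE_NETWORK = """\
Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
"""


def ptr_name_to_ip(name):
    """'68.32.126.40.in-addr.arpa' -> IPv4Address('40.126.32.68').

    Returns None for anything that is not a full IPv4 reverse name (forward
    lookups, partial zones, ip6.arpa, which this helper does not decode).
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def parse_network(text):
    """Rows of the table as dicts; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, name, proto = parts
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "peer": host, "port": int(port),
                     "name": name, "proto": proto.lower()})
    return rows


def classify_traffic(text):
    """Separate DNS chatter from connections and decode what the PTR queries asked about."""
    rows = parse_network(text)
    dns = [r for r in rows if r["port"] == 53]
    looked_up = {ip for r in dns if (ip := ptr_name_to_ip(r["name"])) is not None}
    return {
        "dns_queries": len(dns),
        "resolvers": sorted({r["peer"] for r in dns}),
        "ptr_lookups_for": [str(ip) for ip in sorted(looked_up)],
        "forward_lookups": sorted(r["name"] for r in dns if ptr_name_to_ip(r["name"]) is None),
        "non_dns_flows": len(rows) - len(dns),
    }


if __name__ == "__main__":
    print(classify_traffic(SAMPLE_NETWORK))
```

The decoded addresses are what an analyst would check against ownership data before treating a row as an indicator; the PTR name itself is not one.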

Files

memory/4964-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\s2da2f323.dll

MD5 53108880a2534e53e3f881482e6ff58d
SHA1 e851a2a9e5404560c470900e15519494a17655e0
SHA256 e70cca220d3d4ce995406bb876b4b3c8c64f1c99bc7420d5d7eaf75aa8fc9a3b
SHA512 0e79f1fc344f4afdd2b999d02b1749e4e90ee20524c2b18528cfe997f2517995f9a6cb7dc87f895e38e601f0be6d1b07dc42cc310e37b6d79eef3efd913f3b90

C:\Users\Admin\AppData\Local\Temp\~DFD240609937.bat

MD5 09517fc62284f33e877a276463580bd1
SHA1 0b14fe1db4493818f9de0bf2a56ee5370b8d479a
SHA256 6cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238
SHA512 1b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d

C:\Windows\SysWOW64\simyaapi.exe

MD5 dd0bd857c066bfb0529440edf8b3b60d
SHA1 e9ec9ed4a053f8349c961817bcd8a1edc47cfb5f
SHA256 d402e2fcaca8d00d0fc5dc7ba610f2a3f9f65c42c8090658088beb6c5592aacf
SHA512 859f7a6b6c527f0ccec07000a9524665501fae9bcfbce1ffc004fef6c27201f0771d036299f614a25ef7a11d997ee795c69150f98d78091d5c1072c763a7a9c4

C:\Windows\SysWOW64\spmybapi.sys

MD5 eeb404afadb048314fbe477d290565ec
SHA1 d37bea83e3645a29b17ef70daf17871108efc256
SHA256 8693bc67164416add5786c37eb24c33897c59fc0597eb0b12391b84776873c1e
SHA512 f460aa147dce30fae9b4d7d844010a023b779d5865fa1a044d18b9ec8809e1766335dc45cfed25c1d5537bc0fceacbb3be331cc4a26e61abf2a92dd0ac9d1fc1

C:\Windows\SysWOW64\s2da2f323.dll

MD5 265de060d4943474036b521641245800
SHA1 d3f06f497d5f172bc11a95a50662e2c3477914bc
SHA256 a3320e2d246b3133af7983b2d6e0fc226e42cbc6cd5f83a9d436229d81225f13
SHA512 53d697c5e0f5459b1afd9e031188d3b5b2c53e248cb8c36c2438fa84e04325332ad4a44e79f5250fce5f06361757d95bf2d5c4a2b6d55985cd22c62cbb3fa82d

memory/3452-2041-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 efc7d109e44305ca026668a0181ad3a4
SHA1 810116abcb094a578edb82fc1c2e1968dfdee780
SHA256 62180544f0a1997364c03639db0eb7e3ce64499775f81606da3264f48e7afa7f
SHA512 c9a26d47b2f5c58f477e4c9b13f38b293f1f71caf4bda5b1210f84ceca28637e9ad150b3866c6666e17d0907d8e0f52e437fadc3f73a5edb483c9eacf52c96be

memory/5844-3060-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 c860b2f4c85deba886dd6f1ab08d1b5e
SHA1 47528b49f157bd6f1f09afb345aec0230dd7f88b
SHA256 70ec523c08a0a7940216ad8921d70d32ba5192158afd0eba5437e95d4ad37f63
SHA512 15b1ee582f63d4e4e9bf9710d0f929c2bd00d9eaaafbf7684a163651e636731773ffb10b082b6eadce46a582767da85b7245ba9eba5b4868b6bf24d152368609

memory/7944-4078-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 bff59449d42ada90f840dbfb976aec2b
SHA1 de90a78ec0151eb58f3909d24c842cec669c5155
SHA256 398882fe35b9864fa07c176f80cabd87379e297a6256fc5bf28310a6ba966ddb
SHA512 44091da6fb8e4af672b90068695cd1b66b641e8d1b7fa8ddd008f7feead6b3d271132acdf0308e653b68b9be63493bdfd807d1e9a94358ae0e25c9a9d8e50313

memory/7784-5224-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 8a6e47bfc58b251959e7ebf075693fba
SHA1 db845e3dcadaec204fd5fc995146c3091e4f65d0
SHA256 355f5a0b4065f9fb46a6982e3a6c1f14df8d62e1fcb48100ce486063bfe04c17
SHA512 aae00f0de8663c1b2c09518ea40da3f4e3b7bf38ba10d2a26c5303227cbb39f4988ee4d9cfad6d2b752bcaf960db92ea68ea8a42be90f0e55f4496e0e97f25d8

C:\Windows\SysWOW64\spmybapi.sys

MD5 7d86339e724f45eae62b96af05ea99f3
SHA1 e09a24b2bd9eee772f1df710a9c2c39175d6aafb
SHA256 a740ee1e7a6483a463001597f73eadfc2965b501d0b7f5c7fda663e44b9b2539
SHA512 d01cd7eebae0a03fd247e6d383ea9c1cb764626a43708b3f9d908db580641c986640a99dd133c5b2633db9ff7d5a16fad29b5e50fe6d44d92771b353ec86eb57

C:\Windows\SysWOW64\spmybapi.sys

MD5 f3b72685d224d686f056f165b8d3c279
SHA1 5c51173cce0ad847d7f4667b37b4d3a2368f2852
SHA256 35a27472d438c31c5efb06663c847ffcd2520271c7344a5476977f0b2b697ffb
SHA512 7da9502be03f539e74a4c2150b06684c99c298bc54d4c9fc8f2aa602e0016e2dd0e0132b8bb5cb350e308357981036427e86f3dd8d1b4c6370cc28abfbf0bb69

C:\Windows\SysWOW64\spmybapi.sys

MD5 8153589e3d7ec98f3feb234ae75c2927
SHA1 64e491a4edc1f343e9fd94975172839ba1d30076
SHA256 a11077b534e116abf17bb7028305db305a2738719c69b4efa6eefbed1759b692
SHA512 ab7bc53abf716b6f998c105e1ea1bbf7a1681a4f95d6d4c36bf97f5d095253430248af7a47dd1b8efb25332361a69d641c73674a9f79927ef9f5b577fa803c8a

C:\Windows\SysWOW64\spmybapi.sys

MD5 08519d784c6cb054a887f1ed06203e66
SHA1 ad92340baae8ff064dd7b86862eb8972bbb72e86
SHA256 48ab2ab94e913997c501f6e9fbbbcdaaf8c08b3e9e9a6720f34185cef4f327eb
SHA512 b07b28d8e633612a4ef4c42daa264fd46423cb43e6694bb922014d65c277eae2a06b2840941b431c285dee3190ff0bc1b55276e43264d2226bf1400aa5460c06

memory/4964-10188-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 e9536358450a7dfa95d4e921dbe9d98a
SHA1 8b4a46985b2b6ca068d7f669c4be8daec2d30aca
SHA256 19a43dcbb3c5968929540717f195b4fcbd4ec6b3d358b85928ff818c8f4d8571
SHA512 05dbfa4b934797ea7d8565a01ec9f89761ed793adb355d95c228cf277e9d66702d36b57fd4caeb31e82775fefcc2659cae15a9b8680ee0ab7ab21b69618fb768

C:\Windows\SysWOW64\spmybapi.sys

MD5 6859075333b457e54b1ec92193be3948
SHA1 b4c4f3bab0b40fa3cfe9a631977343d8ebca5195
SHA256 e70052fcd1b265afc1dd5c8149b39b3b0a7f62cc9e7b46de6ff071ebbffe8107
SHA512 72dcf49275a09cc4997955aea0c452647efb2f626b0bd4975e3e768c989ff59395319644d593678a1e3f7642fddcea76584484e70639027ce8bea3603c1d3f40

memory/5376-12226-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 c0e37a53819d39e7e25386068b6bdbe9
SHA1 55d71125a410e8f5bdb2f8d5f347cb1c2b590ead
SHA256 d0a7d100ff4958a4445332165ab8b532593ec8353bca5d72c6d3e52c7e8119e3
SHA512 60150f0a8f286926e4593e535354fcddde4aa81fa2a1349ff967edd1783cb2c8462940900377d15ab63ddce32202d1e3abbac1f218da77b83eb1f277f781942e

C:\Windows\SysWOW64\spmybapi.sys

MD5 40ec090270d0227febf55e1093a474c1
SHA1 5197ac7cb7353b8a93ba2fab7c9856d1c0ba017e
SHA256 0f684e03ba920eec7d470cc6c718cf69de0295a4ce03bc19161703a893014c66
SHA512 c5aab84c7df729b6861c154a4e0aebebaf3938e7678c8547106cf74b4d73883b2fbb65daa21d168945f049ef610e1d8dc11aae2430e2a0781af100b651f0e9f8

C:\Windows\SysWOW64\spmybapi.sys

MD5 c9c2cc5a5b297c44da23ef34822cd80e
SHA1 4e2b6f955f7ed4dcc0b5907b5ef02065a187e724
SHA256 7074ea7e93381129fae43fc3659e399648e86654898adbcfd406673fcb0f0046
SHA512 ef9b9ab34e007410d99a8d517340d79d22ec788da5e0c5a1ce34f42838804cf67627bd7588aac41a796cafe2982ae27a73cb98e888180d09b0a88a8df3e745b3

C:\Windows\SysWOW64\spmybapi.sys

MD5 51645f021e1a36d6293e654957da2352
SHA1 674f61892763a5c207648e2104599d49eabdd7ae
SHA256 d96914904af396423d72325b123d98f1bd616a78fe4923bbaea69043530c8562
SHA512 c2a7229a9862c9a996883ba883ce76b37d8445f5bb4f15b1ca09143da28253a1edb1fc5a6f824006ce76e8472b6a3e821f0f0e6a3b373c5d9276e279d6a7bd3f

memory/7672-16299-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 f088920f5d1e59cd8fa3d4fa8a3107be
SHA1 b146747f4fc78a87e26ba6f9217278b0f31e3132
SHA256 a582249e9809af58437bf42affe56143761451a1da787bb42fb4584d53467f22
SHA512 490219266de3f4e245d93b38c2504b375887f6b830464f6783fd426ad73d593faf07e671a8f14b46bea700d0d63ce6ac4dae1817c6f87832bfd6e1954779880a

memory/7876-24413-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD240642250.bat

MD5 5acada48d37f71a3351c954a4bae360e
SHA1 e1f65f291cdafd9a75c4f327e7ffb2df3bfd87e1
SHA256 b01ba7391fa8e6341758139c56e20c892d5aaffdfc75bdb7628557029fd4b133
SHA512 5416c01dd6720bbff7d15150aab3152c5633437d05cf558f01994cbaed063942f1276939b6f2cbd7fecbe6992d4b84502467df95679675013aa4da874b1fcec0

memory/10440-100500-0x0000000000400000-0x000000000041C000-memory.dmp
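
Three patterns in the file list above are worth pulling out rather than reading hash by hash. C:\Windows\SysWOW64\simyaapi.exe carries the same MD5 and SHA256 as the submitted sample (MD5 dd0bd857c066bfb0529440edf8b3b60d), so the "dropped EXE" is a byte-for-byte self-copy into SysWOW64. C:\Windows\SysWOW64\spmybapi.sys is written again and again with a different hash every time, and s2da2f323.dll twice with different contents; a .sys extension says nothing by itself, and the file list does not show whether the file was ever loaded. The memory dumps all cover 0x400000 to 0x41C000 in a series of different PIDs, the same image range in each spawned process. The Python below is an added example, not part of the sandbox output: it parses a constructed excerpt in the layout of this section and reports per path how often it was written, how many distinct contents appeared, and whether any write matches the sample; it also groups the dumps by address range. Reading the first number of the dump name as a PID is an assumption about the sandbox's naming.

```python
import re
from collections import defaultdict

SAMPLE_MD5 = "dd0bd857c066bfb0529440edf8b3b60d"   # the submitted sample, from the report header

# Constructed excerpt in the layout of the Files section above (path, then
# one hash per line; memory dumps are a single line).  SHA1/SHA512 lines are
# omitted for brevity; the parser accepts any of the four.
SAMPLE_FILES = r"""
memory/4964-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\s2da2f323.dll

MD5 53108880a2534e53e3f881482e6ff58d
SHA256 e70cca220d3d4ce995406bb876b4b3c8c64f1c99bc7420d5d7eaf75aa8fc9a3b

C:\Windows\SysWOW64\simyaapi.exe

MD5 dd0bd857c066bfb0529440edf8b3b60d
SHA256 d402e2fcaca8d00d0fc5dc7ba610f2a3f9f65c42c8090658088beb6c5592aacf

C:\Windows\SysWOW64\spmybapi.sys

MD5 eeb404afadb048314fbe477d290565ec
SHA256 8693bc67164416add5786c37eb24c33897c59fc0597eb0b12391b84776873c1e

C:\Windows\SysWOW64\s2da2f323.dll

MD5 265de060d4943474036b521641245800
SHA256 a3320e2d246b3133af7983b2d6e0fc226e42cbc6cd5f83a9d436229d81225f13

memory/3452-2041-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Windows\SysWOW64\spmybapi.sys

MD5 efc7d109e44305ca026668a0181ad3a4
SHA256 62180544f0a1997364c03639db0eb7e3ce64499775f81606da3264f48e7afa7f
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
# memory/<pid>-<event>-0x<start>-0x<end>-memory.dmp : reading the first number
# as a PID is an assumption about the sandbox's naming scheme.
MEMORY_DUMP = re.compile(
    r"^memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_files_section(text):
    """Return (file entries, memory regions) from the Files section layout."""
    files, regions, current = [], [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = MEMORY_DUMP.match(line)
        if m:
            regions.append((int(m["pid"]), int(m["start"], 16), int(m["end"], 16)))
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
            continue
        current = {"path": line}          # any other non-empty line starts a new entry
        files.append(current)
    return files, regions


def triage_artifacts(text, sample_md5):
    """Per path: write count, distinct contents, and whether a write is a copy
    of the submitted sample.  Memory dumps are grouped by address range."""
    files, regions = parse_files_section(text)
    per_path = defaultdict(lambda: {"writes": 0, "hashes": set(), "self_copy": False})
    for f in files:
        d = per_path[f["path"]]
        d["writes"] += 1
        d["hashes"].add(f.get("sha256") or f.get("md5"))
        d["self_copy"] |= f.get("md5") == sample_md5.lower()
    report = {
        path: {
            "writes": d["writes"],
            "distinct_hashes": len(d["hashes"]),
            "self_copy": d["self_copy"],
            "rewritten_with_new_content": len(d["hashes"]) > 1,
        }
        for path, d in per_path.items()
    }
    by_range = defaultdict(set)
    for pid, start, end in regions:
        by_range[(start, end)].add(pid)
    region_summary = {
        rng: {"size": rng[1] - rng[0], "pids": sorted(pids)} for rng, pids in by_range.items()
    }
    return report, region_summary


if __name__ == "__main__":
    for path, info in triage_artifacts(SAMPLE_FILES, SAMPLE_MD5)[0].items():
        print(path, info)
```

A path that is rewritten with new content on every run is a poor hash indicator and a good path indicator; the self-copy, by contrast, keeps the original hash and can be blocked on either.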