Analysis Overview
SHA256
d402e2fcaca8d00d0fc5dc7ba610f2a3f9f65c42c8090658088beb6c5592aacf
Threat Level: Shows suspicious behavior
The file dd0bd857c066bfb0529440edf8b3b60d was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Installs/modifies Browser Helper Object
Drops file in System32 directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-25 02:44
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-25 02:44
Reported
2024-03-25 02:47
Platform
win7-20240221-en
Max time kernel
1s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File created | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe
"C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259399741.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400116.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400194.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400506.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259400864.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259404406.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259410271.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259430973.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259431441.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259432579.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259435762.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259465215.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259445215.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259468070.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259475729.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259481221.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259499254.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259503092.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259506602.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259513560.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259534386.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259531640.bat
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259541016.bat
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-25 02:44
Reported
2024-03-25 02:47
Platform
win10v2004-20240226-en
Max time kernel
3s
Max time network
154s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\ = "s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File created | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmybapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\s2da2f323.dll | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\s2da2f323.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A} | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A629FF4F-ACDB-5C90-A098-FACB3456A26A}\InprocServer32\ = "C:\\Windows\\SysWow64\\s2da2f323.dll" | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe
"C:\Users\Admin\AppData\Local\Temp\dd0bd857c066bfb0529440edf8b3b60d.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240609937.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669062.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669265.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669671.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669734.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670203.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670421.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670765.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670875.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670953.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671296.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671500.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671593.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671937.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672078.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672500.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672484.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673031.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673031.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673484.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673593.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674046.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674156.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674203.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674656.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674812.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675125.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675406.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675546.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675828.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676265.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676296.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676609.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676671.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677078.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677156.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677593.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677609.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240678015.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240678062.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240678687.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679078.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679546.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679625.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240679859.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680156.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680187.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680234.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680265.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680281.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680375.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680406.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680500.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240680609.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681015.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681203.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681250.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681343.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681390.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681453.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681484.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681515.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681546.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681578.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681671.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681796.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681843.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240681968.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682125.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682218.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682203.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682250.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682281.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682312.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682531.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682625.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682671.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682734.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682812.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240682937.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683015.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683156.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683234.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683328.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683390.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683437.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683468.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683500.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240683578.bat
Network
Files