Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/pankoza2-pl/malwaredatabase-old was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Modifies registry class
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-09 01:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-09 01:49
Reported: 2024-05-09 01:55
Platform: win10v2004-20240508-en
Max time kernel: 353s
Max time network: 363s
Command Line
Signatures
ASPack v2.12-2.42
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
UPX packed file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "c:\\horror\\bg.bmp" | C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\CLWCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "c:\\horror\\bg.bmp" | C:\Users\Admin\AppData\Local\Temp\72C6.tmp\CLWCP.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\classes.jsa | C:\Windows\system32\cmd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Globalization\ICU\icudtl.dat | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\SysWOW64\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe
"C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4199.tmp\419A.tmp\419B.bat "C:\Users\Admin\Downloads\A employee has shared Covid-19 report with You.doc.exe""
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Covid19.txt
C:\Users\Admin\Downloads\HorrorTrojan.exe
"C:\Users\Admin\Downloads\HorrorTrojan.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\72C6.tmp\horror.bat" "
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\CLWCP.exe
clwcp c:\horror\bg.bmp
C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8360.tmp\horror.bat" "
C:\Users\Admin\AppData\Local\Temp\8360.tmp\CLWCP.exe
clwcp c:\horror\bg.bmp
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\flasher.exe
flasher 5 c:\horror\scream.bmp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\horror.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\horror.bat" "
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\CLWCP.exe
clwcp c:\horror\bg.bmp
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\CLWCP.exe
clwcp c:\horror\bg.bmp
C:\Users\Admin\AppData\Local\Temp\8360.tmp\flasher.exe
flasher 5 c:\horror\scream.bmp
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\72C6.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\flasher.exe
flasher 5 c:\horror\scream.bmp
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\flasher.exe
flasher 5 c:\horror\scream.bmp
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8360.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\x.vbs"
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\screenscrew.exe
screenscrew.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs"
C:\Users\Admin\AppData\Local\Temp\8360.tmp\screenscrew.exe
screenscrew.exe
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\screenscrew.exe
screenscrew.exe
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\screenscrew.exe
screenscrew.exe
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\melter.exe
melter.exe
C:\Users\Admin\AppData\Local\Temp\8360.tmp\melter.exe
melter.exe
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\melter.exe
melter.exe
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\melter.exe
melter.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8360.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\72C6.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8360.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\72C6.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8360.tmp\x.vbs"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\72C6.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\72C6.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs"
C:\Windows\SysWOW64\timeout.exe
timeout 1 /nobreak
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8360.tmp\x.vbs"
Network
Files
C:\Users\Admin\AppData\Local\Temp\4199.tmp\419A.tmp\419B.bat
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\horror.bat
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\bg.bmp
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\scream.bmp
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\CLWCP.exe
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\flasher.exe
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\melter.exe
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\screenscrew.exe
C:\Users\Admin\AppData\Local\Temp\72C6.tmp\x.vbs
C:\Users\Admin\AppData\Local\Temp\8360.tmp\x.vbs
C:\Users\Admin\AppData\Local\Temp\8AD3.tmp\x.vbs
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | ea1533a0cf73fe2fe8ac4fbd9b34624a |
| SHA1 | 6f38ac263d489b6e6ae58605eefaa85c52ff99de |
| SHA256 | 1df54d5dfeb299411b0924db861f87700c30cd32360eae3e446042e10000fe43 |
| SHA512 | f10a9e375a7e039d584e5d6aca168abeaf4897c3114970796ffe950f4ec76a0d23bc3530751224dc39f919fd210f8fcf9e2bd43e93c46451324cbe61ec5b7543 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | d9e5b4609218d76812e4e62a488691f0 |
| SHA1 | 109041567e350ee32e80e56d734d104a1932c6d1 |
| SHA256 | d4dfeda8970208eb6f0d649f473a40b6d822d75bf1d23a7e22333b6bffbc84ca |
| SHA512 | e415015a17f0827d46ede76f3d23284bb3e533e9877f2a532ce91022cea9499c3807aa584d4fe2d25c6ad5c84acd808fa2250f54cae7dd6eddbdbba4ef8423d2 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 763b6d3ac98577c36a9fb730b4f94daf |
| SHA1 | 16d04a6eb0c4fc002849a88b2720bd59a82ac3b7 |
| SHA256 | 81e12caeb69556ca7122cd5d7aab1117cfd28c868e4b235a797bc97560420fbd |
| SHA512 | e18cfb58502b845b0bcef05072b90dbd845d799ed24db41797ad7e9bc3d5a1c5232ae8b45042ae8b336d986589f39203929c80426d0d1d1467ef802d719e3ef4 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | d4255380cd37a547d6b84357abed8cfa |
| SHA1 | da98f7c1c2352d823ba08d973921cad93754cc7a |
| SHA256 | 9027aad57a7c25dc20d7abd68eb4db22a44f0cbbe6c2a9eab9fc25937f680c51 |
| SHA512 | a292b89ae5ec15d378ed0ba19002b716776d0387d80fdc112f382a759785d29d6e73831921d190d21fd4e045e2ecd41adaadd9f770927c9133b51785d745b426 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 269078ffb594c4cba039ba2aa6250973 |
| SHA1 | 7fcb69dca3226cc0726e7f246b309620c35d566c |
| SHA256 | 6c7a62a19d8ed5d98b7f74609133ea536a30dec0567483d8665a4207f532b6c5 |
| SHA512 | cfce2fb994e682ea16ee4efa64ce70d2e937754ac95db6ec688aded0e6434200b908c9e9386a0a90e8c95c3a22f7ec487b1356e7d8e992cf13a8e758f00c2709 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 578ef3bc01eb203f29ad4435ce148bbd |
| SHA1 | 279f345072704ea16b076d2094702855b5bb87ef |
| SHA256 | 6ea643957f6dd42d4220df2e1a2b2644198bd4a26ad702e4d6afbe7a978ef911 |
| SHA512 | b293501797724a31702a9425166f1cf040cb66a661eaa468792f0bd8d836b5b6d8e483469e96dd44bc8c9a0df5df8402ce5e4ba5c0d1bc8e76b4fdb6b16dc343 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 45ac38574a5c6e4edb23b5e2e866b9b9 |
| SHA1 | bff18757d8b19e32e59414861bc7a6952b258735 |
| SHA256 | 3ccde76d208af013b6e6a8dc6518771dc79340d3fe3cc13f106d1fd82cd0a1ce |
| SHA512 | 9e894dc9aba328aff323240c3d4259d8c06bfef070355524707cdeeeb587ad9f7cfd9fab3ae308fdf3bc14cc735b24fa75a2003d27feec96167037e072c8697b |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 0694428e3ba375623990cdfb346779cc |
| SHA1 | ee6cc0bc353774732ef6eb41b565180f9ad87f5f |
| SHA256 | 36e1933cbb95fb6171a2d119a01a184c241a057c2d94e3c55532703fe7a36046 |
| SHA512 | 8c066843cf888e3ea385184db98f31a73ee25b2e2f34ea57f6fde6fd934fc1306b9592abc1b45a40b87f083cba4311a39e4f9dd9ffe9e93946d405e9b5933528 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 8f152ddf245a3709db158de88ff8a7b5 |
| SHA1 | d8ae5164d14fb2d2943864a0deb36aea278e8dcb |
| SHA256 | 870cd0e75342ee446c822fa001b47e41889d6ddb54cf347af499383c1b2f8a45 |
| SHA512 | 2895d79517acfd202912fda0cb30fb12fe7c61ef1eb1ebb5aee56efeef12671124b4e7a3c1901280a36741b08bb7a74db25fdfec69ccc0732eca29d9cde101b9 |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 873daa213bcda9b592c789319212288a |
| SHA1 | eca1b93f1ebcbb2e1fbd3ac0ad191ea2d7ac8295 |
| SHA256 | 6a9cb95675bc1fa54312eeaca5f387d91f7836610ab422782fe483331991c288 |
| SHA512 | 9306e46d987a408e6dc96e355ed796cf5d566f9f2e2625b6eda293b0f746bbb637f92693f2a4a41ab029aae5ce82c531f4ac7f7d3a92206796a6be41ee9b143b |
C:\Users\Admin\AppData\Local\Temp\8AE2.tmp\x.vbs
| MD5 | 5cb6165bdb31a6110279c5e52f3e7d08 |
| SHA1 | dd4cb9301fe9ac3e9cd71e1650fd3322de8ff17d |
| SHA256 | 248f31f92acc0f52cc0ba22b883286db380948a126e31ebc5ed165b4f83d8803 |
| SHA512 | 73c013dd84581884ff49f22e58a21ec059f9acf1790b17eb061320febb4ba27f47836fb3317b51f16f2124d8f7aed531ccb669a7880aca1bf5d5299f7a14c233 |