Malware Analysis Report

2024-10-19 10:47

Sample ID 240620-hfpk6athqf
Target 03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118
SHA256 0e6ec0f492e95d058170122908c7fa03c964b44d30a8011bc4a4a81c52bdbb04
Tags
adware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

0e6ec0f492e95d058170122908c7fa03c964b44d30a8011bc4a4a81c52bdbb04

Threat Level: Shows suspicious behavior

The file 03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118 shows suspicious behavior.

Malicious Activity Summary

adware stealer

Executes dropped EXE

Loads dropped DLL

Installs/modifies Browser Helper Object

Drops file in System32 directory

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 06:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 06:40

Reported

2024-06-20 06:43

Platform

win7-20240220-en

Max time kernel

1s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe"

Signatures

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target Count
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Windows\SysWOW64\simyaapi.exe N/A 9
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A 9
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1

Drops file in System32 directory

Description Indicator Process Target Count
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A 9
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Windows\SysWOW64\simyaapi.exe N/A 9
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Windows\SysWOW64\simyaapi.exe N/A 10
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
File created C:\Windows\SysWOW64\simyaapi.exe C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A 2
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe N/A 9
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1

Modifies registry class

Description Indicator Process Target Count
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A 9
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A 9
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A 9
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A 1
N/A N/A C:\Windows\SysWOW64\simyaapi.exe N/A 32

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2292 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe 4
PID 2292 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 2900 wrote to memory of 1872 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 2900 wrote to memory of 1732 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 1732 wrote to memory of 1620 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 1732 wrote to memory of 2312 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 2312 wrote to memory of 2784 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 2312 wrote to memory of 3008 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 3008 wrote to memory of 1344 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 3008 wrote to memory of 5636 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 5636 wrote to memory of 5684 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 5636 wrote to memory of 5704 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 5704 wrote to memory of 5752 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 5704 wrote to memory of 5776 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4
PID 5776 wrote to memory of 5856 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe 4
PID 5776 wrote to memory of 5872 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe 4

Processes

C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259394156.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259394468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259394515.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395342.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395404.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395498.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395545.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395857.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395904.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395935.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259395982.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396028.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396075.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396122.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396169.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396216.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396262.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396309.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259396387.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259398228.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259401239.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259401301.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259401364.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259403298.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259424998.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426059.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426105.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426121.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426137.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426074.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426168.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426495.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426527.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426558.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426605.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426636.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426683.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426745.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426839.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426776.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426963.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259426885.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259431737.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259433063.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259438133.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259438117.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259438507.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259457493.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259461876.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259470020.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259471361.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259472219.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259473810.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259491673.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259494200.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259498193.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259502125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259502343.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259504901.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259504574.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259509691.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259510986.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259511766.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259524636.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259525494.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259525915.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259527319.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259527787.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259528333.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259538535.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259539596.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259542498.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259542498.bat

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259542654.bat

Network

N/A

Files

memory/2292-0-0x0000000000400000-0x0000000000419000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD259394156.bat

MD5 09517fc62284f33e877a276463580bd1
SHA1 0b14fe1db4493818f9de0bf2a56ee5370b8d479a
SHA256 6cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238
SHA512 1b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d

C:\Windows\SysWOW64\mpmycapi.dll

MD5 9775f219bec3de667474a13d56f9811f
SHA1 56a888ec9e4c36ad7d5b19daef80c1500ec4e1b2
SHA256 001c55ba124168bb51fdfbbf8574bceaf39e086aff2455dd2b458a3aa56eee96
SHA512 c52f9eac2a0d0d1f42dad81b1ad3524b973df4f3f9330fb8d6dc894b6b648a81868cd4d70d06930316d0556b1fc91014406871006071ffe97d12a4eb7b2948c1

\Windows\SysWOW64\simyaapi.exe

MD5 03b877ce012f3ac4f716e2ec55750b47
SHA1 ff29973c58d3a2c882e31fae26b8fa41f1aae2df
SHA256 0e6ec0f492e95d058170122908c7fa03c964b44d30a8011bc4a4a81c52bdbb04
SHA512 bbbce992cd79047b238788206b91b49e52c8148ba52fd57756115e68deed0bf9615b141672e929433f9d5734b08f4068b51680b71c4e9dd81f14eb51c12beb4c

C:\Windows\SysWOW64\mpmycapi.dll

MD5 7fdb9ce87e944f136288e3af125ffcc5
SHA1 28a931f1f0e1b1479a0e1d1ec7c1eca3ac496eb6
SHA256 f396e083446910b3a1fa824fbaef7ab0913bb489c77ca70bd88d88199cf2eeb8
SHA512 60095d6b7e664919bef37ee886b0921fb8ecd3674160dcf9273e7156f8bac8b28bf68afcac5a8d9fccbe394f8032394a9a220955d45e9090d75ce28ca0108228

memory/1732-1045-0x0000000000400000-0x0000000000419000-memory.dmp

memory/2900-1044-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2900-1043-0x0000000000220000-0x0000000000239000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 95952ff53348e275c7e43f16028e4f6a
SHA1 ad4bf948131159d345d0891dd0a17dcf248228de
SHA256 b8d60987c9b2b41fec675946203dad021648c2e223aa69f59e67399f2aec578a
SHA512 5c9b0d1bcf367fbf707713e45aa1cf0638f351d5af28858156e5c32a56972aa7f8203bac3a756021c2a089e5ffd187503729bd72d732a153811ce8106bab54cf

C:\Windows\SysWOW64\spmyaapi.sys

MD5 efa7acc7dbdbb865ef828df13ede7b6b
SHA1 6d57bd9a91763e211ad906d3bd319aa3963396a7
SHA256 115d4bf55d9b6c3d410b9b70608d1d43c7330a3cc0a20f1044bf7f8d2a77a4b9
SHA512 41498792e79c6d169e7cffdf70dda902eec0de4145e9334b76594189241a2f0d1edda5822937251ee5981811780d9cdfa8475126eb84b3f139729455265a34e1

memory/1732-2072-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/1732-2071-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/2312-2086-0x0000000000220000-0x0000000000239000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 2ef6454c438dbb8bbf63516e5940ee74
SHA1 29599352dd9c7406fdd944ece76cbede8a221037
SHA256 be825986541f08ee69642a6f4530bc08851423255e3891e9a4ad801dae8c0b9e
SHA512 5459c95f69c18dfea5259e6236642a955172e9cd6780de3a155b06d1296fe841093c55d838acb65cafbb7454a804423df354a70623ecd3e9fe8bf1b5c2c79a91

memory/6096-3255-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2136-3280-0x00000000002B0000-0x00000000002C9000-memory.dmp

memory/2900-3281-0x0000000000220000-0x0000000000239000-memory.dmp

memory/1104-3282-0x0000000000220000-0x0000000000239000-memory.dmp

memory/1732-3292-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/1732-3291-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/2900-3279-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5872-3249-0x00000000002B0000-0x00000000002C9000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 32488751f6a0e5e2abd547f1d803c1cf
SHA1 42308ebf29542c711de9fca97148b2c739db416d
SHA256 4cbafa5c6f2a046d05b0d11c26d02ab9d7fcde4109ea7bb36fd92acc22768fbe
SHA512 c8fa18ccbe9b3c9d9ddefcbeb37a308d3b7dc0086dc065c75eb16c01da4ea0e749fccc1e33c6220e90db4ffe0941a07e091026efdbeb1f983dff10673eadf1e1

C:\Windows\SysWOW64\spmyaapi.sys

MD5 fcd43440f4b51607c5e004485f1a447a
SHA1 ae31c0970a875b3e773dc22cdba62a82b171ec98
SHA256 a64a67f6b58b3f05e21834993764326e598fc6c128b8a975a227148318e8ad28
SHA512 823cf2b5fbaaaed1d4fbc0e72cc044cc839db7f220e9022e6d3c7431843a53744f2568beccb0127b9846e614fd0bb565fc7618377ac138dace97cc77bb9096be

memory/604-3262-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2756-3261-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2336-3260-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2336-3259-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2552-3258-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5748-3257-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5748-3256-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2292-3151-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/6096-3254-0x0000000000220000-0x0000000000239000-memory.dmp

memory/6032-3253-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/5964-3252-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/5964-3251-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/5872-3250-0x00000000002B0000-0x00000000002C9000-memory.dmp

memory/2292-3138-0x0000000000400000-0x0000000000419000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 cdc776f843097ce4093b085e1eae8768
SHA1 1435fe37a0649537fd479c12c03b2f5634f78373
SHA256 7f238693de286115403a9cfc595e2209a6578977e5fb5a43ba1904b8428e57c1
SHA512 b1e06d7cb1858449d2b05980ea7a07d091726604c984aef1296a2e655c0d76ccc82340562bd4f7b0b885d3f7c9a5a0d56ce65ddebf0de6833829147d3a4a4958

memory/3008-3134-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2312-2085-0x0000000000220000-0x0000000000239000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 d39f4a3d599d01e9a01b9705bfb0b22f
SHA1 1a0d2ccc11a5f1c960c855f221e2670ab28f1109
SHA256 58571834911c012a572dd94463dbb6c088e7c2e01a9236e3231634d14379ff74
SHA512 ac421feda74cd77a8d18e4799c4f985a5147b668f0eb3385a226960df12ed54e506e70c1d6d9a0825961599364ec18b05abf072b4a61bf23a9beb1a9495bd40a

memory/2312-3309-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2312-3310-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2496-3312-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2192-3311-0x00000000001B0000-0x00000000001C9000-memory.dmp

memory/2928-4333-0x0000000000400000-0x0000000000419000-memory.dmp

memory/2592-4332-0x0000000000220000-0x0000000000239000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD259424998.bat

MD5 7d50aa6b005aa3091440a3dd80f5dccf
SHA1 31396a45f68fd7afa508f5b151ee6f0571641da6
SHA256 2d686f660282ded29cd9c67f86896eb1d61e67dee49df7cee5889c136fda4c8e
SHA512 cb913498dd14382336ccd2c5178ecfb419695648bb5e2ad0473555bf46f89b517a1048eb790f430a4934705c543cee0f8c39afa96623c407e3e141081a332213

C:\Users\Admin\AppData\Local\Temp\~DFD259426059.bat

MD5 5acada48d37f71a3351c954a4bae360e
SHA1 e1f65f291cdafd9a75c4f327e7ffb2df3bfd87e1
SHA256 b01ba7391fa8e6341758139c56e20c892d5aaffdfc75bdb7628557029fd4b133
SHA512 5416c01dd6720bbff7d15150aab3152c5633437d05cf558f01994cbaed063942f1276939b6f2cbd7fecbe6992d4b84502467df95679675013aa4da874b1fcec0

memory/2928-5552-0x0000000000220000-0x0000000000239000-memory.dmp

memory/4220-6572-0x0000000000220000-0x0000000000239000-memory.dmp

memory/4936-7592-0x0000000000230000-0x0000000000249000-memory.dmp

memory/2520-8618-0x00000000001B0000-0x00000000001C9000-memory.dmp

memory/4024-9632-0x0000000000220000-0x0000000000239000-memory.dmp

memory/4024-9633-0x0000000000220000-0x0000000000239000-memory.dmp

memory/2928-9635-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5264-9634-0x0000000000400000-0x0000000000419000-memory.dmp

memory/5264-10655-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5264-10656-0x0000000000220000-0x0000000000239000-memory.dmp

memory/828-10658-0x0000000000400000-0x0000000000419000-memory.dmp

memory/4220-10657-0x0000000000220000-0x0000000000239000-memory.dmp

memory/828-11688-0x0000000000220000-0x0000000000239000-memory.dmp

memory/4936-11687-0x0000000000230000-0x0000000000249000-memory.dmp

memory/2520-12725-0x00000000001B0000-0x00000000001C9000-memory.dmp

memory/4024-12726-0x0000000000220000-0x0000000000239000-memory.dmp

memory/4024-12727-0x0000000000220000-0x0000000000239000-memory.dmp

memory/3220-12744-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5264-12743-0x0000000000220000-0x0000000000239000-memory.dmp

memory/1096-13774-0x0000000000220000-0x0000000000239000-memory.dmp

memory/828-13773-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5332-14794-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/5332-14795-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/3220-15815-0x0000000000220000-0x0000000000239000-memory.dmp

memory/6688-15816-0x00000000001B0000-0x00000000001C9000-memory.dmp

memory/1096-17855-0x0000000000220000-0x0000000000239000-memory.dmp

memory/3796-17856-0x00000000001B0000-0x00000000001C9000-memory.dmp

memory/5512-17858-0x0000000000400000-0x0000000000419000-memory.dmp

memory/5332-17857-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/5512-18880-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5512-18879-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5332-18878-0x00000000002A0000-0x00000000002B9000-memory.dmp

memory/6688-19900-0x00000000001B0000-0x00000000001C9000-memory.dmp

memory/3992-19901-0x0000000000220000-0x0000000000239000-memory.dmp

memory/5512-20929-0x0000000000220000-0x0000000000239000-memory.dmp

memory/4680-20930-0x0000000000220000-0x0000000000239000-memory.dmp

memory/3992-21958-0x0000000000220000-0x0000000000239000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD259542498.bat

MD5 dc543378517a78a110c0c122d6a51594
SHA1 f915e2dba37ad177644e2ab807d1c24962676cd6
SHA256 5fad937fa7db2ed75444b24f0e307b629bf15cfa6110c9d6a825fe6e74124906
SHA512 2fde91621985ab8b2d2d1a2ca60683b97d9faadc693dc77ef9c608a3db6f3e861b5469a49701820dc0b4b6192aa88714822605f32a11478aabe474565bc808a5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 06:40

Reported

2024-06-20 06:43

Platform

win10v2004-20240611-en

Max time kernel

2s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\simyaapi.exe N/A
N/A N/A C:\Windows\SysWOW64\simyaapi.exe N/A
N/A N/A C:\Windows\SysWOW64\simyaapi.exe N/A
N/A N/A C:\Windows\SysWOW64\simyaapi.exe N/A
N/A N/A C:\Windows\SysWOW64\simyaapi.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Windows\SysWOW64\simyaapi.exe N/A
File created C:\Windows\SysWOW64\simyaapi.exe C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File created C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\mpmycapi.dll C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\spmyaapi.sys C:\Windows\SysWOW64\simyaapi.exe N/A
File opened for modification C:\Windows\SysWOW64\verclsid.exe C:\Windows\SysWOW64\simyaapi.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263} C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 C:\Windows\SysWOW64\simyaapi.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\simyaapi.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2700 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 228 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2700 wrote to memory of 6692 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\simyaapi.exe
PID 2700 wrote to memory of 6692 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\simyaapi.exe
PID 2700 wrote to memory of 6692 N/A C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe C:\Windows\SysWOW64\simyaapi.exe
PID 6692 wrote to memory of 6752 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 6692 wrote to memory of 6752 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 6692 wrote to memory of 6752 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 6692 wrote to memory of 4676 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 6692 wrote to memory of 4676 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 6692 wrote to memory of 4676 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 4676 wrote to memory of 4780 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 4676 wrote to memory of 4780 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 4676 wrote to memory of 4780 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 4676 wrote to memory of 7116 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 4676 wrote to memory of 7116 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 4676 wrote to memory of 7116 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 7116 wrote to memory of 7144 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7116 wrote to memory of 7144 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7116 wrote to memory of 7144 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 7116 wrote to memory of 1896 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\System32\Conhost.exe
PID 7116 wrote to memory of 1896 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\System32\Conhost.exe
PID 7116 wrote to memory of 1896 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\System32\Conhost.exe
PID 1896 wrote to memory of 4580 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 4580 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 4580 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\cmd.exe
PID 1896 wrote to memory of 5136 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 1896 wrote to memory of 5136 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe
PID 1896 wrote to memory of 5136 N/A C:\Windows\SysWOW64\simyaapi.exe C:\Windows\SysWOW64\simyaapi.exe

Processes

C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240602546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240602937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240603359.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240603734.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240604125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240604562.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240604906.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240605359.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240605765.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240606140.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240606515.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240606875.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240607250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240607859.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240608609.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240608984.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240609296.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240609656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610000.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611937.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240612343.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240612656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613359.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613734.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240614250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240614625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240614953.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615859.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240616593.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617000.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617453.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617812.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619046.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619375.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619796.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620218.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620687.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621171.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621828.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622718.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626015.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626500.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626921.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627328.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627984.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628265.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628718.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629218.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629640.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631000.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631375.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631812.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240632281.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634140.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634921.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635281.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635734.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636109.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636531.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636578.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636656.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636656.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637515.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637953.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240638078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240638296.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240638343.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240638703.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639234.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639796.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240639953.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640718.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240640875.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641093.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240641640.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642000.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642171.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642421.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240642968.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643203.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643312.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643375.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643765.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643781.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240643968.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644453.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240644515.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645031.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645171.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240645640.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646125.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646171.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646562.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646578.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240646984.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647265.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647453.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647593.bat

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240647921.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648171.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648328.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648687.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240648718.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649046.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649328.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240649734.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650156.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240650625.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651015.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651421.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651500.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651875.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240651968.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652093.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652453.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240652921.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653031.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653421.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240653875.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240654250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240654703.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655140.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655531.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655812.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240655968.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656484.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240656921.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657250.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657375.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657640.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240657703.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658203.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658250.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658437.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658640.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240658640.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659093.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659093.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659609.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240659859.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660281.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660468.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660765.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240660765.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661203.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661562.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240661937.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662421.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240662546.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663125.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663453.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240663562.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664015.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240664750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665359.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665562.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240665906.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666000.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666437.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666437.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666859.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240666953.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667078.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667734.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240667750.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668156.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668187.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668593.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668734.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240668984.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669156.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669406.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240669812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670000.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670375.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670453.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240670859.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671296.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671328.bat

C:\Windows\SysWOW64\simyaapi.exe

C:\Windows\system32\simyaapi.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671687.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671750.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240671765.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672062.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672203.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672968.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240672968.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673031.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673078.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673109.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673171.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673312.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673546.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240673812.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674093.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674109.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674296.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674703.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674750.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240674890.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675093.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675156.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675265.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675343.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675390.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675625.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675671.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675765.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675828.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240675906.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676000.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676046.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676093.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676171.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676250.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676343.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676640.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676687.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676843.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240676984.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677093.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677140.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677234.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677406.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677484.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677500.bat

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240677546.bat

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp

Files

memory/2700-0-0x0000000000400000-0x0000000000419000-memory.dmp

C:\Windows\SysWOW64\mpmycapi.dll

MD5 18edae92ac178726af673d9418e6e265
SHA1 2ca89d44790e80fa23f592bf6db8ac38d2794e00
SHA256 8c54a9477c97703b31a2c105c2d0e2d86425efa7bfb2712f7b314c6a841d33bd
SHA512 1a25b21831bfacfc8e37fa27ac012c9dcf180266be62fadd2f4f581a8ee71d05bd0f22d34587a01e591a52667325c95b54ce1edacf7aecac533f4a7527d406d4

C:\Windows\SysWOW64\simyaapi.exe

MD5 03b877ce012f3ac4f716e2ec55750b47
SHA1 ff29973c58d3a2c882e31fae26b8fa41f1aae2df
SHA256 0e6ec0f492e95d058170122908c7fa03c964b44d30a8011bc4a4a81c52bdbb04
SHA512 bbbce992cd79047b238788206b91b49e52c8148ba52fd57756115e68deed0bf9615b141672e929433f9d5734b08f4068b51680b71c4e9dd81f14eb51c12beb4c

C:\Users\Admin\AppData\Local\Temp\~DFD240602546.bat

MD5 09517fc62284f33e877a276463580bd1
SHA1 0b14fe1db4493818f9de0bf2a56ee5370b8d479a
SHA256 6cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238
SHA512 1b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d

memory/6692-1020-0x0000000000400000-0x0000000000419000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 95952ff53348e275c7e43f16028e4f6a
SHA1 ad4bf948131159d345d0891dd0a17dcf248228de
SHA256 b8d60987c9b2b41fec675946203dad021648c2e223aa69f59e67399f2aec578a
SHA512 5c9b0d1bcf367fbf707713e45aa1cf0638f351d5af28858156e5c32a56972aa7f8203bac3a756021c2a089e5ffd187503729bd72d732a153811ce8106bab54cf

C:\Windows\SysWOW64\mpmycapi.dll

MD5 7fdb9ce87e944f136288e3af125ffcc5
SHA1 28a931f1f0e1b1479a0e1d1ec7c1eca3ac496eb6
SHA256 f396e083446910b3a1fa824fbaef7ab0913bb489c77ca70bd88d88199cf2eeb8
SHA512 60095d6b7e664919bef37ee886b0921fb8ecd3674160dcf9273e7156f8bac8b28bf68afcac5a8d9fccbe394f8032394a9a220955d45e9090d75ce28ca0108228

C:\Windows\SysWOW64\spmyaapi.sys

MD5 efa7acc7dbdbb865ef828df13ede7b6b
SHA1 6d57bd9a91763e211ad906d3bd319aa3963396a7
SHA256 115d4bf55d9b6c3d410b9b70608d1d43c7330a3cc0a20f1044bf7f8d2a77a4b9
SHA512 41498792e79c6d169e7cffdf70dda902eec0de4145e9334b76594189241a2f0d1edda5822937251ee5981811780d9cdfa8475126eb84b3f139729455265a34e1

C:\Windows\SysWOW64\spmyaapi.sys

MD5 d39f4a3d599d01e9a01b9705bfb0b22f
SHA1 1a0d2ccc11a5f1c960c855f221e2670ab28f1109
SHA256 58571834911c012a572dd94463dbb6c088e7c2e01a9236e3231634d14379ff74
SHA512 ac421feda74cd77a8d18e4799c4f985a5147b668f0eb3385a226960df12ed54e506e70c1d6d9a0825961599364ec18b05abf072b4a61bf23a9beb1a9495bd40a

C:\Windows\SysWOW64\spmyaapi.sys

MD5 b583ff15489f992f997971abb13e857d
SHA1 2615921e281743a6e0eb5b482ed88be48ac58caa
SHA256 94bb9262c6ba088e0545f731aacd160a90d422fd0bbb695e97e6db2757193b9d
SHA512 4cd5c81e88e424460c54f6f8e793a88f497f4997621c4d3d0a71c721f98974b7736fa89cc3700e2134d3d0fb4e72b0a95f9daf38e8f453e48f9d2b1f5db6d535

C:\Windows\SysWOW64\spmyaapi.sys

MD5 7c5480d7ded193b7ac93a0040a0bc70d
SHA1 90b5e701bd25aa848afa88ea960fff5f9ec14a1e
SHA256 4b3fe4e4c91463cddb6b3b443b28a3c710b85426e1e3b983997defa93e913a61
SHA512 22c8cee8cb5f7b29da3d2809a33124eeffbd6331e070d7c77b85ba029209e337a62d64747d68172121f5b71dbbd815230258a572086002c86e468aa9093195f2

C:\Windows\SysWOW64\spmyaapi.sys

MD5 cc5816c4cf23346242c0ceaa3d2941a6
SHA1 c14908cc1c7d8d20ac3b66c1e7e0f2e781a8db13
SHA256 732392ec9a99c6232c392be11bbb7d868ddb0583fd3bd7d05b588299e2ce42b7
SHA512 5e2c6d539989cfba433210e6c097add17464c4c48ef9a4fb9e304a65ce3f63f5dc520087823d6d9cac7ee45fe65a45d2ab5b7136c0c554f69e39b326a4efa08d

C:\Windows\SysWOW64\spmyaapi.sys

MD5 cdc776f843097ce4093b085e1eae8768
SHA1 1435fe37a0649537fd479c12c03b2f5634f78373
SHA256 7f238693de286115403a9cfc595e2209a6578977e5fb5a43ba1904b8428e57c1
SHA512 b1e06d7cb1858449d2b05980ea7a07d091726604c984aef1296a2e655c0d76ccc82340562bd4f7b0b885d3f7c9a5a0d56ce65ddebf0de6833829147d3a4a4958

C:\Windows\SysWOW64\spmyaapi.sys

MD5 200b365844524ad639120d3f4448944c
SHA1 9ef58da66c07c728b56b56bf6ac8a036bf59a74c
SHA256 95b1921eb123ff28f3355974059ff2b828a041af8226f8117ff6fad49eacd1a2
SHA512 3c3dcd0eaab0a80f2323dd9fa925567545d89305e27fb098629157c915f9edfc31eade8abafc1eee9f76822587539bdd579d306f15f77342ab753391ebf887b0

C:\Windows\SysWOW64\spmyaapi.sys

MD5 cd315c4350e9d5f8831d248d4bd4d89e
SHA1 1a0bd5c0d5b015d559fa28674b3b1401c5f3cc82
SHA256 dc07b0079c4696f4b501e10ecffd9549f7ef1ebfdc2167b56a17943f4547f3c1
SHA512 49ede3138800e9d2a2e57fc76a471f6a1d16ef44dcb8e3c594c77bb0123b9731e6dbc9d395a592d4e81491d9ea2d1f76c563dbfcf1952a21de24d83a0bb6f6a2

memory/2700-10181-0x0000000000400000-0x0000000000419000-memory.dmp

C:\Windows\SysWOW64\spmyaapi.sys

MD5 991184bdcd5a094d4c346b5aa610229e
SHA1 1e04e5807f517eb3c7164a271ceccb1cce12c3c7
SHA256 b353ce10352d2e2478242884b9831a14e0dc90f8ddc91848702e53fb54d39809
SHA512 8907dbad3e9dd00f8a88fbb75816862483725e8cc564f91ae88176842d4a95964535b5e5e171fa1691bf04395f60a496cd7a298ae2c7b1dd68d1ae483359d663

C:\Windows\SysWOW64\spmyaapi.sys

MD5 fdc6f88c66974bd466cb263f32588a71
SHA1 e22485985249c6afb812454328ffa84e2fe8c177
SHA256 0abda706956f302c5021cda6190a3f0b39617b6bfcbeec8e66050fd8f171f0da
SHA512 fdccb8f9235a26d3f00020b6b0ca05b6076dc3c504f0822266fe5c1124c03799797bbd58762656fc8085cdec167bec0416000902fea24a4b1d26abc94a325f81

C:\Windows\SysWOW64\spmyaapi.sys

MD5 92f50f6585a213512ba9aa798aea7214
SHA1 9d266420580c813ae33c9582a16affe071b43904
SHA256 2795b67de72c97f2f2ef0bbb9fa325ed0c9642ddb8a0eda393b9709557358b7e
SHA512 113df8f70470f887c2ed1e6970bb914814ee4f29e8b17d18345d03ace3a1c5107b41f3975bd9c5d7a46a09dd995722cd41035f51a2bd9e99c083d5eca28a5224

C:\Windows\SysWOW64\spmyaapi.sys

MD5 a3ed02ac6b33e8a2251b0a119d66e427
SHA1 f2374747fdcd1e77576705461a86d9824f862530
SHA256 754af3e01804e764d539cc00fcf2106faa792f84391ac6faf644a21470bb714a
SHA512 41de67db4683b30d7ff64909ed3d2d0d06f40bda208ddf7ad828f657629f4105debac666e1aa9228eea551637acb06a08fd044920df3f892a9db1eb94e624e54

C:\Windows\SysWOW64\spmyaapi.sys

MD5 81525296f5f55ca75495410d5425c8a4
SHA1 8e42e1329b6fed9e9b8e5b4f5b9b0dff83781a81
SHA256 9d712dfe2436a533f876ffa8b970ba366f508c101c05a83d7ec2811e56d48889
SHA512 5c7bdb22ca977296f5cf5292e810b47f550a46543f8697c84898938af2135123d0c1dc0006a830a2771615a645a31cacee659c7dea3f6d4f09df93a44a5c8c55

C:\Windows\SysWOW64\spmyaapi.sys

MD5 a4bb388c6474ecceb9b6cc8282f5813a
SHA1 aa11121143483c3b66a5a62d28f3b0cbc61f7466
SHA256 98c84c00bca48933d41d763ab0368e3efd6c6cfa6eb6be184163975d7c8b49cb
SHA512 86442369a36eb308160c2bca051f457c0e93114b741d4bbd4579c5980b143be509256489a75236777450937ccbc8f2503e3f3fccc51232c1a4c84d5f0bf517f5

C:\Windows\SysWOW64\spmyaapi.sys

MD5 a594ec8ba477ecdd666087f8f2d9488a
SHA1 51290e6a909e03f65353eef66433345ec61f7630
SHA256 07a05c3d13a40a0549e01a2df5fbd461909760862bd783edc6ea3bdd1ff07513
SHA512 ee2c9c17e43a5db992105a971115540c03513180e5027177a7eff9d480e17d4f128673108cd617de5493aa4d710ffbefbc03223a439f49af8b676c9677df32e0

memory/6196-19335-0x0000000000400000-0x0000000000419000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat

MD5 5acada48d37f71a3351c954a4bae360e
SHA1 e1f65f291cdafd9a75c4f327e7ffb2df3bfd87e1
SHA256 b01ba7391fa8e6341758139c56e20c892d5aaffdfc75bdb7628557029fd4b133
SHA512 5416c01dd6720bbff7d15150aab3152c5633437d05cf558f01994cbaed063942f1276939b6f2cbd7fecbe6992d4b84502467df95679675013aa4da874b1fcec0

memory/10848-71058-0x0000000000400000-0x0000000000419000-memory.dmp

memory/16704-155443-0x00000000006B0000-0x000000000070A000-memory.dmp