Analysis Overview
SHA256
0e6ec0f492e95d058170122908c7fa03c964b44d30a8011bc4a4a81c52bdbb04
Threat Level: Shows suspicious behavior
The file 03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Installs/modifies Browser Helper Object
Drops file in System32 directory
Unsigned PE
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 06:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 06:40
Reported
2024-06-20 06:43
Platform
win7-20240220-en
Max time kernel
1s
Max time network
121s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Loads dropped DLL
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\mpmycapi.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmyaapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\mpmycapi.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmyaapi.sys | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mpmycapi.dll | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\mpmycapi.dll | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263} | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\~DFD259394156.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
Network
Files
memory/2292-0-0x0000000000400000-0x0000000000419000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~DFD259394156.bat
| MD5 | 09517fc62284f33e877a276463580bd1 |
| SHA1 | 0b14fe1db4493818f9de0bf2a56ee5370b8d479a |
| SHA256 | 6cc6bbb1f3f754b6894d84130f5f2d86569ac3a603e1632d3cefa028f22b6238 |
| SHA512 | 1b924dd216d0f38199cc6df215e65ff260aa48fa37aa620dabcbc616f434643bd1f2e617d66b14bd52900214148741565128ba9589782ba582fd7308369f4a4d |
C:\Windows\SysWOW64\mpmycapi.dll
| MD5 | 9775f219bec3de667474a13d56f9811f |
| SHA1 | 56a888ec9e4c36ad7d5b19daef80c1500ec4e1b2 |
| SHA256 | 001c55ba124168bb51fdfbbf8574bceaf39e086aff2455dd2b458a3aa56eee96 |
| SHA512 | c52f9eac2a0d0d1f42dad81b1ad3524b973df4f3f9330fb8d6dc894b6b648a81868cd4d70d06930316d0556b1fc91014406871006071ffe97d12a4eb7b2948c1 |
\Windows\SysWOW64\simyaapi.exe
| MD5 | 03b877ce012f3ac4f716e2ec55750b47 |
| SHA1 | ff29973c58d3a2c882e31fae26b8fa41f1aae2df |
| SHA256 | 0e6ec0f492e95d058170122908c7fa03c964b44d30a8011bc4a4a81c52bdbb04 |
| SHA512 | bbbce992cd79047b238788206b91b49e52c8148ba52fd57756115e68deed0bf9615b141672e929433f9d5734b08f4068b51680b71c4e9dd81f14eb51c12beb4c |
C:\Windows\SysWOW64\mpmycapi.dll
| MD5 | 7fdb9ce87e944f136288e3af125ffcc5 |
| SHA1 | 28a931f1f0e1b1479a0e1d1ec7c1eca3ac496eb6 |
| SHA256 | f396e083446910b3a1fa824fbaef7ab0913bb489c77ca70bd88d88199cf2eeb8 |
| SHA512 | 60095d6b7e664919bef37ee886b0921fb8ecd3674160dcf9273e7156f8bac8b28bf68afcac5a8d9fccbe394f8032394a9a220955d45e9090d75ce28ca0108228 |
memory/1732-1045-0x0000000000400000-0x0000000000419000-memory.dmp
memory/2900-1044-0x0000000000220000-0x0000000000239000-memory.dmp
memory/2900-1043-0x0000000000220000-0x0000000000239000-memory.dmp
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | 95952ff53348e275c7e43f16028e4f6a |
| SHA1 | ad4bf948131159d345d0891dd0a17dcf248228de |
| SHA256 | b8d60987c9b2b41fec675946203dad021648c2e223aa69f59e67399f2aec578a |
| SHA512 | 5c9b0d1bcf367fbf707713e45aa1cf0638f351d5af28858156e5c32a56972aa7f8203bac3a756021c2a089e5ffd187503729bd72d732a153811ce8106bab54cf |
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | efa7acc7dbdbb865ef828df13ede7b6b |
| SHA1 | 6d57bd9a91763e211ad906d3bd319aa3963396a7 |
| SHA256 | 115d4bf55d9b6c3d410b9b70608d1d43c7330a3cc0a20f1044bf7f8d2a77a4b9 |
| SHA512 | 41498792e79c6d169e7cffdf70dda902eec0de4145e9334b76594189241a2f0d1edda5822937251ee5981811780d9cdfa8475126eb84b3f139729455265a34e1 |
memory/1732-2072-0x00000000002A0000-0x00000000002B9000-memory.dmp
memory/1732-2071-0x00000000002A0000-0x00000000002B9000-memory.dmp
memory/2312-2086-0x0000000000220000-0x0000000000239000-memory.dmp
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | 2ef6454c438dbb8bbf63516e5940ee74 |
| SHA1 | 29599352dd9c7406fdd944ece76cbede8a221037 |
| SHA256 | be825986541f08ee69642a6f4530bc08851423255e3891e9a4ad801dae8c0b9e |
| SHA512 | 5459c95f69c18dfea5259e6236642a955172e9cd6780de3a155b06d1296fe841093c55d838acb65cafbb7454a804423df354a70623ecd3e9fe8bf1b5c2c79a91 |
memory/6096-3255-0x0000000000220000-0x0000000000239000-memory.dmp
memory/2136-3280-0x00000000002B0000-0x00000000002C9000-memory.dmp
memory/2900-3281-0x0000000000220000-0x0000000000239000-memory.dmp
memory/1104-3282-0x0000000000220000-0x0000000000239000-memory.dmp
memory/1732-3292-0x00000000002A0000-0x00000000002B9000-memory.dmp
memory/1732-3291-0x00000000002A0000-0x00000000002B9000-memory.dmp
memory/2900-3279-0x0000000000220000-0x0000000000239000-memory.dmp
memory/5872-3249-0x00000000002B0000-0x00000000002C9000-memory.dmp
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | 32488751f6a0e5e2abd547f1d803c1cf |
| SHA1 | 42308ebf29542c711de9fca97148b2c739db416d |
| SHA256 | 4cbafa5c6f2a046d05b0d11c26d02ab9d7fcde4109ea7bb36fd92acc22768fbe |
| SHA512 | c8fa18ccbe9b3c9d9ddefcbeb37a308d3b7dc0086dc065c75eb16c01da4ea0e749fccc1e33c6220e90db4ffe0941a07e091026efdbeb1f983dff10673eadf1e1 |
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | fcd43440f4b51607c5e004485f1a447a |
| SHA1 | ae31c0970a875b3e773dc22cdba62a82b171ec98 |
| SHA256 | a64a67f6b58b3f05e21834993764326e598fc6c128b8a975a227148318e8ad28 |
| SHA512 | 823cf2b5fbaaaed1d4fbc0e72cc044cc839db7f220e9022e6d3c7431843a53744f2568beccb0127b9846e614fd0bb565fc7618377ac138dace97cc77bb9096be |
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | cdc776f843097ce4093b085e1eae8768 |
| SHA1 | 1435fe37a0649537fd479c12c03b2f5634f78373 |
| SHA256 | 7f238693de286115403a9cfc595e2209a6578977e5fb5a43ba1904b8428e57c1 |
| SHA512 | b1e06d7cb1858449d2b05980ea7a07d091726604c984aef1296a2e655c0d76ccc82340562bd4f7b0b885d3f7c9a5a0d56ce65ddebf0de6833829147d3a4a4958 |
C:\Windows\SysWOW64\spmyaapi.sys
| MD5 | d39f4a3d599d01e9a01b9705bfb0b22f |
| SHA1 | 1a0d2ccc11a5f1c960c855f221e2670ab28f1109 |
| SHA256 | 58571834911c012a572dd94463dbb6c088e7c2e01a9236e3231634d14379ff74 |
| SHA512 | ac421feda74cd77a8d18e4799c4f985a5147b668f0eb3385a226960df12ed54e506e70c1d6d9a0825961599364ec18b05abf072b4a61bf23a9beb1a9495bd40a |
C:\Users\Admin\AppData\Local\Temp\~DFD259424998.bat
| MD5 | 7d50aa6b005aa3091440a3dd80f5dccf |
| SHA1 | 31396a45f68fd7afa508f5b151ee6f0571641da6 |
| SHA256 | 2d686f660282ded29cd9c67f86896eb1d61e67dee49df7cee5889c136fda4c8e |
| SHA512 | cb913498dd14382336ccd2c5178ecfb419695648bb5e2ad0473555bf46f89b517a1048eb790f430a4934705c543cee0f8c39afa96623c407e3e141081a332213 |
C:\Users\Admin\AppData\Local\Temp\~DFD259426059.bat
| MD5 | 5acada48d37f71a3351c954a4bae360e |
| SHA1 | e1f65f291cdafd9a75c4f327e7ffb2df3bfd87e1 |
| SHA256 | b01ba7391fa8e6341758139c56e20c892d5aaffdfc75bdb7628557029fd4b133 |
| SHA512 | 5416c01dd6720bbff7d15150aab3152c5633437d05cf558f01994cbaed063942f1276939b6f2cbd7fecbe6992d4b84502467df95679675013aa4da874b1fcec0 |
C:\Users\Admin\AppData\Local\Temp\~DFD259542498.bat
| MD5 | dc543378517a78a110c0c122d6a51594 |
| SHA1 | f915e2dba37ad177644e2ab807d1c24962676cd6 |
| SHA256 | 5fad937fa7db2ed75444b24f0e307b629bf15cfa6110c9d6a825fe6e74124906 |
| SHA512 | 2fde91621985ab8b2d2d1a2ca60683b97d9faadc693dc77ef9c608a3db6f3e861b5469a49701820dc0b4b6192aa88714822605f32a11478aabe474565bc808a5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 06:40
Reported
2024-06-20 06:43
Platform
win10v2004-20240611-en
Max time kernel
2s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263} | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\ = "mpmycapi.dll" | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\verclsid.exe | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmyaapi.sys | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spmyaapi.sys | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\simyaapi.exe | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mpmycapi.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File created | C:\Windows\SysWOW64\mpmycapi.dll | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mpmycapi.dll | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\mpmycapi.dll | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 | C:\Windows\SysWOW64\simyaapi.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263}\InprocServer32\ = "C:\\Windows\\SysWow64\\mpmycapi.dll" | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3629FF4F-ACDB-5C90-A098-FACB3456A263} | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\simyaapi.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03b877ce012f3ac4f716e2ec55750b47_JaffaCakes118.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240602546.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240602937.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240603359.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240603734.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240604125.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240604562.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240604906.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240605359.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240605765.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240606140.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240606515.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240606875.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240607250.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240607859.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240608609.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240608984.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240609296.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240609656.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610000.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610421.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240610750.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611125.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611468.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240611937.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240612343.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240612656.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613031.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613359.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240613734.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240614250.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240614625.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240614953.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615437.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240615859.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240616593.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617000.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617453.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240617812.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618250.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240618687.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619046.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619375.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240619796.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620218.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240620687.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621171.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621437.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240621828.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622203.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240622718.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625203.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240625625.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626015.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626500.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240626921.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627328.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627656.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240627984.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628265.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240628718.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629218.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240629640.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630125.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240630656.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631000.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631375.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240631812.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240632281.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634140.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634812.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240634921.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635234.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635281.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635546.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240635734.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636109.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636531.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636578.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636656.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240636656.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637046.bat
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637203.bat
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\system32\simyaapi.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~DFD240637515.bat
C:\Windows\SysWOW64\cmd.exe
Network
Files
C:\Windows\SysWOW64\mpmycapi.dll
C:\Windows\SysWOW64\simyaapi.exe
C:\Windows\SysWOW64\spmyaapi.sys
C:\Users\Admin\AppData\Local\Temp\~DFD240602546.bat
C:\Users\Admin\AppData\Local\Temp\~DFD240635062.bat