Malware Analysis Report

2025-04-13 20:50

Sample ID 250329-mf68es1xbx
Target 2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom
SHA256 c03dc0fa98369cf3ce5429f50ea3df6c9701fe0f10a92182d86c765b66a3fa4c
Tags
svcstealer downloader stealer discovery persistence pyinstaller spyware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c03dc0fa98369cf3ce5429f50ea3df6c9701fe0f10a92182d86c765b66a3fa4c

Threat Level: Known bad

The file 2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom was found to be: Known bad.

Malicious Activity Summary

svcstealer downloader stealer discovery persistence pyinstaller spyware

SvcStealer, Diamotrix

Svcstealer family

Detects SvcStealer Payload

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Blocklisted process makes network request

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Unsigned PE

Browser Information Discovery

Detects Pyinstaller

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-29 10:25

Signatures

Detects SvcStealer Payload

Description Indicator Process Target
N/A N/A N/A N/A

Svcstealer family

svcstealer

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-29 10:25

Reported

2025-03-29 10:28

Platform

win7-20240903-en

Max time kernel

0s

Max time network

1s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe"

Signatures

Detects SvcStealer Payload

Description Indicator Process Target
N/A N/A N/A N/A

SvcStealer, Diamotrix

stealer downloader svcstealer

Svcstealer family

svcstealer

Processes

C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe

"C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe"

C:\ProgramData\fdfdfdfdfdfeee.exe

"C:\ProgramData\fdfdfdfdfdfeee.exe"

Network

N/A

Files

\ProgramData\fdfdfdfdfdfeee.exe

MD5 384eafd9fc574b7fe08f16b8c8d3d91b
SHA1 3112e56140fbb6e263bd627451ba42dca54ebeab
SHA256 5993bacf6421f3fb0484a721ca08e8f4d480aff230aab0dd38c0ed364c84ba15
SHA512 7371bf5dcd2b77b372c61e5528c6e90b6610ce784ca646a697bafc9f534eabb3dd06657c7a883f6949fd71861392f9c20fa2a6d0592f40f05e3e09743e14acce

C:\ProgramData\fdfdfdfdfdfeee.exe

MD5 b426168eec66e26bc7540911f34cfa21
SHA1 0cb6c332b933b726901b05e8688e63c8bba6ad76
SHA256 5c57f49e4aa6f13fc503f0dcc72ac00d4a577d03a33b23556aea27c3bc388261
SHA512 ebc640c6f71ca844eb8969aaebd56ecfa4b7c203928535ca26053c465a88b4b5fafebb4ebc7c498f94007e15352608926102daa7d2540757c85b41601e1a3af7

C:\ProgramData\bvbvbvbvbvbccc.exe

MD5 19406ce30bc38b421bcdd44d5f18cd3d
SHA1 ec4bd3785de3eaa8f4442bcfb2f2c45c9d8502e5
SHA256 cb9c89fe45a6ccf9aad5dfaf7dd392e71f31cc1ff20472c4c8567919c1f99ec2
SHA512 b53562336073f66e3518981409f2e278b445b81c154d40f2b5ebbefeda8e1cacab64c52bbcfc09cbdc5f3af6335e9306e3ffa2e500bdc0d3c1aa421cae78b85e

memory/2924-23-0x000000013FB50000-0x000000013FBEF000-memory.dmp

C:\ProgramData\trtrtrtrtrtrteee.exe

MD5 0524a00c50985adaf82da523c1e5bc78
SHA1 b3c7985ce57e655844b51be3d1f37502ef04d6ea
SHA256 da60064416fb8c9e1b5828b21522b6f7ccc9c698551ec9f34ab117df64d63f82
SHA512 ddf79a44b7012c4ea1d0cade619864c1be9fa26d270b5a26ece5d2d47ea73aceab4f7531ac90f33f61b4eb54d57f2ab1b548dc270cdb89ab3d9a2411e265671a

memory/1244-31-0x0000000004FF0000-0x0000000005095000-memory.dmp

memory/1956-25-0x00000000024E0000-0x000000000257F000-memory.dmp

\ProgramData\trtrtrtrtrtrteee.exe

MD5 7066a76e80b30fdb6adc1e5bc1c3aa2a
SHA1 b42407fbee499315ffe123ff805f390bcb11dee1
SHA256 f94c5dfc4d5a8e9e429bbf922c6ddbdec3f43c9fe440da322c2610333082be00
SHA512 497039e965e6492bd82400237a9f9615513b558dd929f89dfc69ecb77d2693b56db37cb18962fce1971493908c891b485e5f88dc94387ef46acba6480a94a5d8

C:\ProgramData\trtrtrtrtrtrteee.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-29 10:25

Reported

2025-03-29 10:28

Platform

win10v2004-20250313-en

Max time kernel

150s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detects SvcStealer Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SvcStealer, Diamotrix

stealer downloader svcstealer

Svcstealer family

svcstealer

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation C:\ProgramData\fdfdfdfdfdfeee.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\bvbvbvbvbvbccc.exe N/A
N/A N/A C:\ProgramData\trtrtrtrtrtrteee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe N/A
N/A N/A C:\ProgramData\trtrtrtrtrtrteee.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\sysxxcchceck.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\sysxchceck.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\sysxapcpteam.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\syxstccx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
N/A N/A C:\ProgramData\bvbvbvbvbvbccc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe N/A
N/A N/A C:\ProgramData\Winsrv\winsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_14888.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_14891.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_14891.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_14891.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\efefefebdcc.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemHandler = "C:\\Users\\Admin\\AppData\\Roaming\\syxxbsxtccx.exe" C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemHandler = "C:\\ProgramData\\Winsrv\\winsvc.exe" C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Users\\Admin\\AppData\\Roaming\\62B0AE0A43EE3663812181\\62B0AE0A43EE3663812181.exe" C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Users\\Admin\\AppData\\Roaming\\62B0AE0A43EE3663812181\\62B0AE0A43EE3663812181.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efefefebdcc = "\"C:\\ProgramData\\bvbvbvbvbvbccc.exe\"" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efefefebdcc = "\"C:\\ProgramData\\efefefebdcc.exe\"" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efefefebdcc = "\"C:\\ProgramData\\efefefebdcc.exe\"" C:\ProgramData\bvbvbvbvbvbccc.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4888 set thread context of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 3328 set thread context of 5356 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 408 set thread context of 5748 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3272 set thread context of 1020 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 1636 set thread context of 4744 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5808 set thread context of 5272 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2412 set thread context of 4688 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4976 set thread context of 3296 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 1596 set thread context of 5492 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4244 set thread context of 1548 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3592 set thread context of 2244 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2640 set thread context of 5672 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 544 set thread context of 1976 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5472 set thread context of 4360 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 8 set thread context of 4888 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 1632 set thread context of 4808 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4728 set thread context of 1032 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2648 set thread context of 4124 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3328 set thread context of 4940 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4648 set thread context of 4916 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5552 set thread context of 3464 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5428 set thread context of 2648 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5616 set thread context of 5624 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 6020 set thread context of 4648 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4988 set thread context of 5604 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 6132 set thread context of 1380 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4336 set thread context of 2536 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4916 set thread context of 3256 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5320 set thread context of 4496 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4128 set thread context of 1708 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2820 set thread context of 4004 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5056 set thread context of 5692 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3336 set thread context of 4528 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 772 set thread context of 5868 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 1936 set thread context of 1632 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5648 set thread context of 5236 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4500 set thread context of 1900 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5628 set thread context of 4516 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5876 set thread context of 2724 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5596 set thread context of 2848 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5828 set thread context of 4308 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3880 set thread context of 4584 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2060 set thread context of 3276 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2384 set thread context of 3292 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 1516 set thread context of 3308 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 1940 set thread context of 1256 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2764 set thread context of 4276 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2796 set thread context of 5828 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2392 set thread context of 4996 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3728 set thread context of 3968 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 5572 set thread context of 1476 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 3464 set thread context of 1480 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 848 set thread context of 3136 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 2132 set thread context of 724 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4832 set thread context of 5692 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe
PID 4244 set thread context of 4296 N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe C:\Windows\system32\msiexec.exe

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\syxstccx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Launcher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Winsrv\winsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\temp_14888.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CCAF.tmp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\Explorer.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\bvbvbvbvbvbccc.exe N/A
N/A N/A C:\ProgramData\bvbvbvbvbvbccc.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\ProgramData\fdfdfdfdfdfeee.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4472 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\ProgramData\fdfdfdfdfdfeee.exe
PID 4472 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\ProgramData\fdfdfdfdfdfeee.exe
PID 4472 wrote to memory of 5172 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\ProgramData\bvbvbvbvbvbccc.exe
PID 4472 wrote to memory of 5172 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\ProgramData\bvbvbvbvbvbccc.exe
PID 5172 wrote to memory of 3540 N/A C:\ProgramData\bvbvbvbvbvbccc.exe C:\Windows\Explorer.EXE
PID 3540 wrote to memory of 1744 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 1744 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 3176 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 3176 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 2372 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 2372 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 4472 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\ProgramData\trtrtrtrtrtrteee.exe
PID 4472 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\ProgramData\trtrtrtrtrtrteee.exe
PID 4472 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe
PID 4472 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe
PID 688 wrote to memory of 4908 N/A C:\ProgramData\trtrtrtrtrtrteee.exe C:\ProgramData\trtrtrtrtrtrteee.exe
PID 688 wrote to memory of 4908 N/A C:\ProgramData\trtrtrtrtrtrteee.exe C:\ProgramData\trtrtrtrtrtrteee.exe
PID 4880 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe
PID 4880 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe
PID 4880 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\sysxxcchceck.exe
PID 4880 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\sysxxcchceck.exe
PID 4880 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe
PID 4880 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe
PID 4880 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe
PID 4880 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe
PID 4880 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe
PID 2220 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\sysxchceck.exe
PID 2220 wrote to memory of 724 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\sysxchceck.exe
PID 2220 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\sysxapcpteam.exe
PID 2220 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\sysxapcpteam.exe
PID 2220 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\syxstccx.exe
PID 2220 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\syxstccx.exe
PID 2220 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Roaming\syxstccx.exe
PID 2220 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Local\Temp\Launcher.exe
PID 2220 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Local\Temp\Launcher.exe
PID 2220 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe C:\Users\Admin\AppData\Local\Temp\Launcher.exe
PID 3540 wrote to memory of 5872 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 5872 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 2536 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 2536 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3176 wrote to memory of 4080 N/A C:\Windows\system32\cmd.exe C:\ProgramData\bvbvbvbvbvbccc.exe
PID 3176 wrote to memory of 4080 N/A C:\Windows\system32\cmd.exe C:\ProgramData\bvbvbvbvbvbccc.exe
PID 2372 wrote to memory of 5436 N/A C:\Windows\system32\cmd.exe C:\ProgramData\efefefebdcc.exe
PID 2372 wrote to memory of 5436 N/A C:\Windows\system32\cmd.exe C:\ProgramData\efefefebdcc.exe
PID 1744 wrote to memory of 3276 N/A C:\Windows\system32\cmd.exe C:\ProgramData\efefefebdcc.exe
PID 1744 wrote to memory of 3276 N/A C:\Windows\system32\cmd.exe C:\ProgramData\efefefebdcc.exe
PID 5872 wrote to memory of 448 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe
PID 5872 wrote to memory of 448 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe
PID 5872 wrote to memory of 448 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe
PID 2536 wrote to memory of 4500 N/A C:\Windows\system32\cmd.exe C:\ProgramData\Winsrv\winsvc.exe
PID 2536 wrote to memory of 4500 N/A C:\Windows\system32\cmd.exe C:\ProgramData\Winsrv\winsvc.exe
PID 2536 wrote to memory of 4500 N/A C:\Windows\system32\cmd.exe C:\ProgramData\Winsrv\winsvc.exe
PID 4888 wrote to memory of 3540 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\Explorer.EXE
PID 3540 wrote to memory of 1796 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 3540 wrote to memory of 1796 N/A C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe
PID 4888 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe C:\Windows\system32\msiexec.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe

"C:\Users\Admin\AppData\Local\Temp\2025-03-29_8a3b83fdea0984b4388d5ebeded4dc02_black-basta_cobalt-strike_rhadamanthys_satacom.exe"

C:\ProgramData\fdfdfdfdfdfeee.exe

"C:\ProgramData\fdfdfdfdfdfeee.exe"

C:\ProgramData\bvbvbvbvbvbccc.exe

"C:\ProgramData\bvbvbvbvbvbccc.exe"

C:\ProgramData\trtrtrtrtrtrteee.exe

"C:\ProgramData\trtrtrtrtrtrteee.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\bvbvbvbvbvbccc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe

"C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe"

C:\ProgramData\trtrtrtrtrtrteee.exe

"C:\ProgramData\trtrtrtrtrtrteee.exe"

C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe

"C:\Users\Admin\AppData\Roaming\syssxavvpcp.exe"

C:\Users\Admin\AppData\Roaming\sysxxcchceck.exe

"C:\Users\Admin\AppData\Roaming\sysxxcchceck.exe"

C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe

"C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe"

C:\Users\Admin\AppData\Local\Temp\ComboEeFlauncher.exe

"ComboEeFlauncher.exe"

C:\Users\Admin\AppData\Roaming\sysxchceck.exe

"C:\Users\Admin\AppData\Roaming\sysxchceck.exe"

C:\Users\Admin\AppData\Roaming\sysxapcpteam.exe

"C:\Users\Admin\AppData\Roaming\sysxapcpteam.exe"

C:\Users\Admin\AppData\Roaming\syxstccx.exe

"C:\Users\Admin\AppData\Roaming\syxstccx.exe"

C:\Users\Admin\AppData\Local\Temp\Launcher.exe

"Launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\ProgramData\Winsrv\winsvc.exe

C:\ProgramData\bvbvbvbvbvbccc.exe

C:\ProgramData\bvbvbvbvbvbccc.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe

C:\Users\Admin\AppData\Roaming\syxxbsxtccx.exe

C:\ProgramData\Winsrv\winsvc.exe

C:\ProgramData\Winsrv\winsvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\F9E1.tmp\F9E2.tmp\F9E3.bat C:\Users\Admin\AppData\Local\Temp\Launcher.exe"

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Local\Temp\temp_14888.exe

"C:\Users\Admin\AppData\Local\Temp\temp_14888.exe"

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Users\Admin\AppData\Local\Temp\temp_14891.exe

"C:\Users\Admin\AppData\Local\Temp\temp_14891.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Local\Temp\temp_14891.exe

"C:\Users\Admin\AppData\Local\Temp\temp_14891.exe"

C:\Users\Admin\AppData\Local\Temp\temp_14891.exe

"C:\Users\Admin\AppData\Local\Temp\temp_14891.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Local\Temp\DF9E.tmp.exe

C:\Users\Admin\AppData\Local\Temp\DF9E.tmp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Users\Admin\AppData\Local\Temp\CCAF.tmp.exe

C:\Users\Admin\AppData\Local\Temp\CCAF.tmp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\efefefebdcc.exe"

C:\ProgramData\efefefebdcc.exe

C:\ProgramData\efefefebdcc.exe

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

Network

Country Destination Domain Proto
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.195:80 c.pki.goog tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
US 8.8.8.8:53 diamotrix.online udp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
US 8.8.8.8:53 diamotrix.online udp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
US 8.8.8.8:53 diamotrix.online udp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
US 8.8.8.8:53 diamotrix.online udp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
US 8.8.8.8:53 diamotrix.online udp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
RU 176.113.115.149:80 176.113.115.149 tcp
US 8.8.8.8:53 diamotrix.online udp
RU 185.81.68.156:80 185.81.68.156 tcp

Files

C:\ProgramData\fdfdfdfdfdfeee.exe

MD5 1639bd7a1ca79ca231b0328601283638
SHA1 49c9304e08fef4417ce00e1e9488694d57a2af58
SHA256 c60a67219adc05e3ca87964af5a3012cbf7bd515f27e78418f48fb09b730d9be
SHA512 8f4e74a40ea64505f8f1e36ca9ecbc3ab1d5d779cf4d8b5027a471a8ac98c970e0cda209d2c6321b8003ccdcace81fc671f0a05b75dabc4806b9486c643973cb

C:\ProgramData\bvbvbvbvbvbccc.exe

MD5 8d69a1215e6253e21648aeb3df501d3d
SHA1 17c2a3ed3fdbcdb3ccfabcf40ed40b0294790849
SHA256 d1c4b620bddea17608512439f5d182f76318b6c85486af6d588c41bed14e27ab
SHA512 eed8f96dbbaa5c56d0e1f39fc0fa9d1a71136c2ac10c87a88be7f9884d6bce52975cb2731eb6a90ce374ae0050975ec74e7e114a3f7b44dab41e8f9c13159abd

C:\ProgramData\trtrtrtrtrtrteee.exe

MD5 27a2b49582305cba865aa3df6fb1d1cb
SHA1 4f20c25ef27026b793993c423ab70580a89ecb0e
SHA256 83fc66ef3b1f81e9eb9fedf13781face99f2aaf0359798bfa5dcc39965493dfd
SHA512 e0913e7e8c83a1f91dce3c85b88bc5d89bfe783999edeedb6fb88670479f0c851b963a2992fdcc1551c367017093ea9134e3b61e050bee1f77aaaf97ade2eacf

C:\Users\Admin\AppData\Local\Temp\LauncherApp.exe

MD5 62ba2396feea7a7dd8b57ce158a1530d
SHA1 dcacb96ac106445077c1bf908bd33af499801061
SHA256 c48737436e8431feb75ec1ed44c9483f2655535ae7db812903c246c1ca2eb731
SHA512 12d18d6f3a4532d3e0638a0ae72b4744c066a6e94807ea8dd05f30fddc993b7ee7d3a0df461e37b8f1c586ce3ce32e9890906a08f8fb11066115286c1990e218

C:\Users\Admin\AppData\Local\Temp\_MEI6882\ucrtbase.dll

MD5 4e326feeb3ebf1e3eb21eeb224345727
SHA1 f156a272dbc6695cc170b6091ef8cd41db7ba040
SHA256 3c60056371f82e4744185b6f2fa0c69042b1e78804685944132974dd13f3b6d9
SHA512 be9420a85c82eeee685e18913a7ff152fcead72a90ddcc2bcc8ab53a4a1743ae98f49354023c0a32b3a1d919bda64b5d455f6c3a49d4842bbba4aa37c1d05d67

memory/3540-182-0x00000000014E0000-0x00000000014E1000-memory.dmp

memory/4080-183-0x00007FF61F020000-0x00007FF61F0BF000-memory.dmp

memory/5436-184-0x00007FF710D50000-0x00007FF710DEF000-memory.dmp

C:\ProgramData\Winsrv\winsvc.exe

MD5 421082a69f2904a743664e58906b6504
SHA1 9fe739b9b7babfcadfe98cd2f8ce77e30dd7771b
SHA256 06e56563a4fab2b78642ce7c5ab19c75c72b5f7e9bfb0e658e95579b75b3d2c2
SHA512 fb039bf608f2fa7d2bb14047dd744d6129fed09c4dd006471636eba463cd9b84e42aa3d875db463a76ee3d10e548d6c8ebf735ccea4004ec084b78a71e8b7869

C:\Users\Admin\AppData\Local\Temp\History

MD5 83c468b78a1714944e5becf35401229b
SHA1 5bb1aaf85b2b973e4ba33fa8457aaf71e4987b34
SHA256 da5fdb5a9d869b349244f1ab62d95b0dbd05ac12ff45a6db157da829566a6690
SHA512 795aa24a35781ea1e91cdb1760aef90948a61c0f96f94f20585662bdce627443a702f7b2637472cb595e027b1989cec822959dcad4b121928dbb2f250b2df599

memory/3540-178-0x00000000014D0000-0x00000000014D1000-memory.dmp

memory/2264-177-0x00007FF699EF0000-0x00007FF699F01000-memory.dmp

memory/3540-229-0x0000000003570000-0x0000000003571000-memory.dmp

memory/5184-231-0x00007FF6C71E0000-0x00007FF6C71EA000-memory.dmp

memory/5184-230-0x00000209EE100000-0x00000209EE101000-memory.dmp

memory/3540-226-0x0000000009130000-0x0000000009183000-memory.dmp

memory/3540-224-0x0000000003420000-0x0000000003464000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI6882\_hashlib.pyd

MD5 a6448bc5e5da21a222de164823add45c
SHA1 6c26eb949d7eb97d19e42559b2e3713d7629f2f9
SHA256 3692fc8e70e6e29910032240080fc8109248ce9a996f0a70d69acf1542fca69a
SHA512 a3833c7e1cf0e4d181ac4de95c5dfa685cf528dc39010bf0ac82864953106213eccff70785021ccb05395b5cf0dcb89404394327cd7e69f820d14dfa6fba8cba

C:\Users\Admin\AppData\Local\Temp\_MEI6882\_bz2.pyd

MD5 3dc8af67e6ee06af9eec52fe985a7633
SHA1 1451b8c598348a0c0e50afc0ec91513c46fe3af6
SHA256 c55821f5fdb0064c796b2c0b03b51971f073140bc210cbe6ed90387db2bed929
SHA512 da16bfbc66c8abc078278d4d3ce1595a54c9ef43ae8837ceb35ae2f4757b930fe55e258827036eba8218315c10af5928e30cb22c60ff69159c8fe76327280087

C:\Users\Admin\AppData\Local\Temp\_MEI6882\unicodedata.pyd

MD5 4c0d43f1a31e76255cb592bb616683e7
SHA1 0a9f3d77a6e064baebacacc780701117f09169ad
SHA256 0f84e9f0d0bf44d10527a9816fcab495e3d797b09e7bbd1e6bd666ceb4b6c1a8
SHA512 b8176a180a441fe402e86f055aa5503356e7f49e984d70ab1060dee4f5f17fcec9c01f75bbff75ce5f4ef212677a6525804be53646cc0d7817b6ed5fd83fd778

C:\Users\Admin\AppData\Local\Temp\_MEI6882\select.pyd

MD5 6ae54d103866aad6f58e119d27552131
SHA1 bc53a92a7667fd922ce29e98dfcf5f08f798a3d2
SHA256 63b81af5d3576473c17ac929bea0add5bf8d7ea95c946caf66cbb9ad3f233a88
SHA512 ff23f3196a10892ea22b28ae929330c8b08ab64909937609b7af7bfb1623cd2f02a041fd9fab24e4bc1754276bdafd02d832c2f642c8ecdcb233f639bdf66dd0

C:\Users\Admin\AppData\Local\Temp\_MEI6882\libcrypto-1_1.dll

MD5 bf83f8ad60cb9db462ce62c73208a30d
SHA1 f1bc7dbc1e5b00426a51878719196d78981674c4
SHA256 012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d
SHA512 ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-utility-l1-1-0.dll

MD5 fe1096f1ade3342f049921928327f553
SHA1 118fb451ab006cc55f715cdf3b5e0c49cf42fbe0
SHA256 88d3918e2f063553cee283306365aa8701e60fb418f37763b4719f9974f07477
SHA512 0a982046f0c93f68c03a9dd48f2bc7aee68b9eebeaea01c3566b2384d0b8a231570e232168d4608a09136bcb2b1489af802fd0c25348f743f0c1c8955edd41c1

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-time-l1-1-0.dll

MD5 2fd0da47811b8ed4a0abdf9030419381
SHA1 46e3f21a9bd31013a804ba45dc90cc22331a60d1
SHA256 de81c4d37833380a1c71a5401de3ab4fe1f8856fc40d46d0165719a81d7f3924
SHA512 2e6f900628809bfd908590fe1ea38e0e36960235f9a6bbccb73bbb95c71bfd10f75e1df5e8cf93a682e4ada962b06c278afc9123ab5a4117f77d1686ff683d6f

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-string-l1-1-0.dll

MD5 f22faca49e4d5d80ec26ed31e7ecd0e0
SHA1 473bcbfb78e6a63afd720b5cbe5c55d9495a3d88
SHA256 1eb30ea95dae91054a33a12b1c73601518d28e3746db552d7ce120da589d4cf4
SHA512 c8090758435f02e3659d303211d78102c71754ba12b0a7e25083fd3529b3894dc3ab200b02a2899418cc6ed3b8f483d36e6c2bf86ce2a34e5fd9ad0483b73040

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-stdio-l1-1-0.dll

MD5 120a5dc2682cd2a838e0fc0efd45506e
SHA1 8710be5d5e9c878669ff8b25b67fb2deb32cd77a
SHA256 c14f0d929a761a4505628c4eb5754d81b88aa1fdad2154a2f2b0215b983b6d89
SHA512 4330edf9b84c541e5ed3bb672548f35efa75c6b257c3215fc29ba6e152294820347517ec9bd6bde38411efa9074324a276cf0d7d905ed5dd88e906d78780760c

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-runtime-l1-1-0.dll

MD5 21b509d048418922b92985696710afca
SHA1 c499dd098aab8c7e05b8b0fd55f994472d527203
SHA256 fe7336d2fb3b13a00b5b4ce055a84f0957daefdace94f21b88e692e54b678ac3
SHA512 c517b02d4e94cf8360d98fd093bca25e8ae303c1b4500cf4cf01f78a7d7ef5f581b99a0371f438c6805a0b3040a0e06994ba7b541213819bd07ec8c6251cb9bb

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-process-l1-1-0.dll

MD5 54a8fca040976f2aac779a344b275c80
SHA1 ea1f01d6dcdf688eb0f21a8cb8a38f03bc777883
SHA256 7e90e7acc69aca4591ce421c302c7f6cdf8e44f3b4390f66ec43dff456ffea29
SHA512 cb20bed4972e56f74de1b7bc50dc1e27f2422dbb302aecb749018b9f88e3e4a67c9fc69bbbb8c4b21d49a530cc8266172e7d237650512aafb293cdfe06d02228

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-math-l1-1-0.dll

MD5 487f72d0cf7dc1d85fa18788a1b46813
SHA1 0aabff6d4ee9a2a56d40ee61e4591d4ba7d14c0d
SHA256 560baf1b87b692c284ccbb82f2458a688757231b315b6875482e08c8f5333b3d
SHA512 b7f4e32f98bfdcf799331253faebb1fb08ec24f638d8526f02a6d9371c8490b27d03db3412128ced6d2bbb11604247f3f22c8380b1bf2a11fb3bb92f18980185

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-locale-l1-1-0.dll

MD5 d51bc845c4efbfdbd68e8ccffdad7375
SHA1 c82e580ec68c48e613c63a4c2f9974bb59182cf6
SHA256 89d9f54e6c9ae1cb8f914da1a2993a20de588c18f1aaf4d66efb20c3a282c866
SHA512 2e353cf58ad218c3e068a345d1da6743f488789ef7c6b96492d48571dc64df8a71ad2db2e5976cfd04cf4b55455e99c70c7f32bd2c0f4a8bed1d29c2dafc17b0

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-heap-l1-1-0.dll

MD5 43bf2037bfd3fb60e1fedac634c6f86e
SHA1 959eebe41d905ad3afa4254a52628ec13613cf70
SHA256 735703c0597da278af8a6359fc051b9e657627f50ad5b486185c2ef328ad571b
SHA512 7042846c009efea45ca5fafdc08016eca471a8c54486ba03f212abba47467f8744e9546c8f33214620f97dbcc994e3002788ad0db65b86d8a3e4ff0d8a9d0d05

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 633dca52da4ebaa6f4bf268822c6dc88
SHA1 1ebfc0f881ce338d2f66fcc3f9c1cbb94cdc067e
SHA256 424fd5d3d3297a8ab1227007ef8ded5a4f194f24bd573a5211be71937aa55d22
SHA512 ed058525ee7b4cc7e12561c7d674c26759a4301322ff0b3239f3183911ce14993614e3199d8017b9bfde25c8cb9ac0990d318bb19f3992624b39ec0f084a8df1

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-environment-l1-1-0.dll

MD5 33a0fe1943c5a325f93679d6e9237fee
SHA1 737d2537d602308fc022dbc0c29aa607bcdec702
SHA256 5af7aa065ffdbf98d139246e198601bfde025d11a6c878201f4b99876d6c7eac
SHA512 cab7fcaa305a9ace1f1cc7077b97526bebc0921adf23273e74cd42d7fe99401d4f7ede8ecb9847b6734a13760b9ebe4dbd2465a3db3139ed232dbef68fb62c54

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-convert-l1-1-0.dll

MD5 da5e087677c8ebbc0062eac758dfed49
SHA1 ca69d48efa07090acb7ae7c1608f61e8d26d3985
SHA256 08a43a53a66d8acb2e107e6fc71213cedd180363055a2dc5081fe5a837940dce
SHA512 6262e9a0808d8f64e5f2dfad5242cd307e2f5eaa78f0a768f325e65c98db056c312d79f0b3e63c74e364af913a832c1d90f4604fe26cc5fb05f3a5a661b12573

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-crt-conio-l1-1-0.dll

MD5 22bfe210b767a667b0f3ed692a536e4e
SHA1 88e0ff9c141d8484b5e34eaaa5e4be0b414b8adf
SHA256 f1a2499cc238e52d69c63a43d1e61847cf852173fe95c155056cfbd2cb76abc3
SHA512 cbea3c690049a73b1a713a2183ff15d13b09982f8dd128546fd3db264af4252ccd390021dee54435f06827450da4bd388bd6ff11b084c0b43d50b181c928fd25

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-util-l1-1-0.dll

MD5 edd61ff85d75794dc92877f793a2cef6
SHA1 de9f1738fc8bf2d19aa202e34512ec24c1ccb635
SHA256 8aca888849e9089a3a56fa867b16b071951693ab886843cfb61bd7a5b08a1ece
SHA512 6cef9b256cdca1a401971ca5706adf395961b2d3407c1fff23e6c16f7e2ce6d85d946843a53532848fcc087c18009c08f651c6eb38112778a2b4b33e8c64796c

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-timezone-l1-1-0.dll

MD5 eab486e4719b916cad05d64cd4e72e43
SHA1 876c256fb2aeb0b25a63c9ee87d79b7a3c157ead
SHA256 05fe96faa8429992520451f4317fbceba1b17716fa2caf44ddc92ede88ce509d
SHA512 c50c3e656cc28a2f4f6377ba24d126bdc248a3125dca490994f8cace0a4903e23346ae937bb5b0a333f7d39ece42665ae44fde2fd5600873489f3982151a0f5d

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 8aea681e0e2b9abbf73a924003247dbb
SHA1 5bafc2e0a3906723f9b12834b054e6f44d7ff49f
SHA256 286068a999fe179ee91b289360dd76e89365900b130a50e8651a9b7ece80b36d
SHA512 08c83a729036c94148d9a5cbc03647fa2adea4fba1bbb514c06f85ca804eefbf36c909cb6edc1171da8d4d5e4389e15e52571baa6987d1f1353377f509e269ab

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-synch-l1-2-0.dll

MD5 b751571148923d943f828a1deb459e24
SHA1 d4160404c2aa6aeaf3492738f5a6ce476a0584a6
SHA256 b394b1142d060322048fb6a8ac6281e4576c0e37be8da772bc970f352dd22a20
SHA512 26e252ff0c01e1e398ebddcc5683a58cdd139161f2b63b65bde6c3e943e85c0820b24486859c2c597af6189de38ca7fe6fa700975be0650cb53c791cd2481c9d

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-synch-l1-1-0.dll

MD5 b98598657162de8fbc1536568f1e5a4f
SHA1 f7c020220025101638fd690d86c53d895a03e53c
SHA256 f596c72be43db3a722b7c7a0fd3a4d5aea68267003986fbfd278702af88efa74
SHA512 ad5f46a3f4f6e64a5dcb85c328f1b8daefa94fc33f59922328fdcfedc04a8759f16a1a839027f74b7d7016406c20ac47569277620d6b909e09999021b669a0d6

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-string-l1-1-0.dll

MD5 bcb412464f01467f1066e94085957f42
SHA1 716c11b5d759d59dbfec116874e382d69f9a25b6
SHA256 f040b6e07935b67599ea7e32859a3e93db37ff4195b28b4451ad0d274db6330e
SHA512 79ec0c5ee21680843c8b7f22da3155b7607d5be269f8a51056cc5f060ad3a48ced3b6829117262aba1a90e692374b59ddfe92105d14179f631efc0c863bfdecb

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 e6b7681ccc718ddb69c48abe8709fdd6
SHA1 a518b705746b2c6276f56a2f1c996360b837d548
SHA256 4b532729988224fe5d98056cd94fc3e8b4ba496519f461ef5d9d0ff9d9402d4b
SHA512 89b20affaa23e674543f0f2e9b0a8b3ecd9a8a095e19d50e11c52cb205dafdbf2672892fd35b1c45f16e78ae9b61525de67dbe7673f8ca450aa8c42feeac0895

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-profile-l1-1-0.dll

MD5 654d95515ab099639f2739685cb35977
SHA1 9951854a5cf407051ce6cd44767bfd9bd5c4b0cc
SHA256 c4868e4cebdf86126377a45bd829d88449b4aa031c9b1c05edc47d6d395949d4
SHA512 9c9dd64a3ad1136ba62cca14fc27574faaebc3de1e371a86b83599260424a966dfd813991a5ef0b2342e0401cb99ce83cd82c19fcae73c7decdb92bac1fb58a8

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-processthreads-l1-1-1.dll

MD5 d6ad0f2652460f428c0e8fc40b6f6115
SHA1 1a5152871abc5cf3d4868a218de665105563775e
SHA256 4ef09fa6510eeebb4855b6f197b20a7a27b56368c63cc8a3d1014fa4231ab93a
SHA512 ceafeee932919bc002b111d6d67b7c249c85d30da35dfbcebd1f37db51e506ac161e4ee047ff8f7bf0d08da6a7f8b97e802224920bd058f8e790e6fa0ee48b22

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-processthreads-l1-1-0.dll

MD5 95612a8a419c61480b670d6767e72d09
SHA1 3b94d1745aff6aafeff87fed7f23e45473f9afc9
SHA256 6781071119d66757efa996317167904697216ad72d7c031af4337138a61258d4
SHA512 570f15c2c5aa599332dd4cfb3c90da0dd565ca9053ecf1c2c05316a7f623615dd153497e93b38df94971c8abf2e25bc1aaaf3311f1cda432f2670b32c767012a

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 1322690996cf4b2b7275a7950bad9856
SHA1 502e05ed81e3629ea3ed26ee84a4e7c07f663735
SHA256 5660030ee4c18b1610fb9f46e66f44d3fc1cf714ecce235525f08f627b3738d7
SHA512 7edc06bfa9e633351291b449b283659e5dd9e706dd57ade354bce3af55df4842491af27c7721b2acc6948078bdfc8e9736fec46e0641af368d419c7ed6aebd44

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 61f70f2d1e3f22e976053df5f3d8ecb7
SHA1 7d224b7f404cde960e6b7a1c449b41050c8e9c58
SHA256 2695761b010d22fdfda2b5e73cf0ac7328ccc62b4b28101d5c10155dd9a48020
SHA512 1ddc568590e9954db198f102be99eabb4133b49e9f3b464f2fc7f31cc77d06d5a7132152f4b331332c42f241562ee6c7bf1c2d68e546db3f59ab47eaf83a22cf

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-memory-l1-1-0.dll

MD5 623283471b12f1bdb83e25dbafaf9c16
SHA1 ecbba66f4dca89a3faa3e242e30aefac8de02153
SHA256 9ca500775fee9ff69b960d65040b8dc415a2efde2982a9251ee6a3e8de625bc7
SHA512 54b69ffa2c263be4ddadca62fa2867fea6148949d64c2634745db3dcbc1ba0ecf7167f02fa53efd69eaaee81d617d914f370f26ca16ee5850853f70c69e9a61f

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-localization-l1-2-0.dll

MD5 1d75e7b9f68c23a195d408cf02248119
SHA1 62179fc9a949d238bb221d7c2f71ba7c1680184c
SHA256 67ebe168b7019627d68064043680674f9782fda7e30258748b29412c2b3d4c6b
SHA512 c2ee84a9aeac34f7b51426d12f87bb35d8c3238bb26a6e14f412ea485e5bd3b8fb5b1231323d4b089cf69d8180a38ddd7fd593cc52cbdf250125ad02d66eea9d

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 569a7ac3f6824a04282ff708c629a6d2
SHA1 fc0d78de1075dfd4c1024a72074d09576d4d4181
SHA256 84c579a8263a87991ca1d3aee2845e1c262fb4b849606358062093d08afdc7a2
SHA512 e9cbff82e32540f9230cead9063acb1aceb7ccc9f3338c0b7ad10b0ac70ff5b47c15944d0dce33ea8405554aa9b75de30b26ae2ca55db159d45b6e64bc02a180

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-interlocked-l1-1-0.dll

MD5 1dccf27f2967601ce6666c8611317f03
SHA1 d8246df2ed9ec4a8a719fd4b1db4fd8a71ef679b
SHA256 6a83ab9a413afd74d77a090f52784b0128527bee9cb0a4224c59d5c75fc18387
SHA512 70b96d69d609211f8b9e05fa510ea7d574ae8da3a6498f5c982aee71635b8a749162247055b7ba21a884bfa06c1415b68912c463f0f1b6ffb9049f3532386877

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-heap-l1-1-0.dll

MD5 b071e761cea670d89d7ae80e016ce7e6
SHA1 c675be753dbef1624100f16674c2221a20cf07dd
SHA256 63fb84a49308b857804ae1481d2d53b00a88bbd806d257d196de2bd5c385701e
SHA512 f2ecbdaba3516d92bd29dcce618185f1755451d95c7dbbe23f8215318f6f300a9964c93ec3ed65c5535d87be82b668e1d3025a7e325af71a05f14e15d530d35f

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-handle-l1-1-0.dll

MD5 7bc1b8712e266db746914db48b27ef9c
SHA1 c76eb162c23865b3f1bd7978f7979d6ba09ccb60
SHA256 f82d05aea21bcf6337ef45fbdad6d647d17c043a67b44c7234f149f861a012b9
SHA512 db6983f5f9c18908266dbf01ef95ebae49f88edc04a0515699ef12201ac9a50f09939b8784c75ae513105ada5b155e5330bd42d70f8c8c48fe6005513aefad2a

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-file-l2-1-0.dll

MD5 7d4d4593b478b4357446c106b64e61f8
SHA1 8a4969c9e59d7a7485c8cc5723c037b20dea5c9d
SHA256 0a6e2224cde90a0d41926e8863f9956848ffbf19848e8855bd08953112afc801
SHA512 7bc9c473705ec98ba0c1da31c295937d97710cedefc660f6a5cb0512bae36ad23bebb2f6f14df7ce7f90ec3f817b02f577317fdd514560aab22cb0434d8e4e0b

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-file-l1-2-0.dll

MD5 f0c73f7454a5ce6fb8e3d795fdb0235d
SHA1 acdd6c5a359421d268b28ddf19d3bcb71f36c010
SHA256 2a59dd891533a028fae7a81e690e4c28c9074c2f327393fab17329affe53fd7b
SHA512 bd6cf4e37c3e7a1a3b36f42858af1b476f69caa4ba1fd836a7e32220e5eff7ccc811c903019560844af988a7c77cc41dc6216c0c949d8e04516a537da5821a3e

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-file-l1-1-0.dll

MD5 642b29701907e98e2aa7d36eba7d78b8
SHA1 16f46b0e057816f3592f9c0a6671111ea2f35114
SHA256 5d72feac789562d445d745a55a99536fa9302b0c27b8f493f025ba69ba31941c
SHA512 1beab2b368cc595beb39b2f5a2f52d334bc42bf674b8039d334c6d399c966aff0b15876105f0a4a54fa08e021cb44907ed47d31a0af9e789eb4102b82025cf57

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 8d6599d7c4897dcd0217070cca074574
SHA1 25eacaaa4c6f89945e97388796a8c85ba6fb01fb
SHA256 a011260fafaaaefd7e7326d8d5290c6a76d55e5af4e43ffa4de5fea9b08fa928
SHA512 e8e2e7c5bff41ccaa0f77c3cfee48dac43c11e75688f03b719cc1d716db047597a7a2ce25b561171ef259957bdcd9dd4345a0e0125db2b36f31698ba178e2248

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-debug-l1-1-0.dll

MD5 e1ca15cf0597c6743b3876af23a96960
SHA1 301231f7250431bd122b12ed34a8d4e8bb379457
SHA256 990e46d8f7c9574a558ebdfcb8739fbccba59d0d3a2193c9c8e66807387a276d
SHA512 7c9dacd882a0650bf2f553e9bc5647e6320a66021ac4c1adc802070fd53de4c6672a7bacfd397c51009a23b6762e85c8017895e9347a94d489d42c50fa0a1c42

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-datetime-l1-1-0.dll

MD5 5af784f599437629deea9fe4e8eb4799
SHA1 3c891b920fd2703edd6881117ea035ced5a619f6
SHA256 7e5bd3ee263d09c7998e0d5ffa684906ddc56da61536331c89c74b039df00c7c
SHA512 4df58513cf52511c0d2037cdc674115d8ed5a0ed4360eb6383cc6a798a7037f3f7f2d587797223ed7797ccd476f1c503b3c16e095843f43e6b87d55ad4822d70

C:\Users\Admin\AppData\Local\Temp\_MEI6882\api-ms-win-core-console-l1-1-0.dll

MD5 b56d69079d2001c1b2af272774b53a64
SHA1 67ede1c5a71412b11847f79f5a684eabaf00de01
SHA256 f3a41d882544202b2e1bdf3d955458be11fc7f76ba12668388a681870636f143
SHA512 7eb8fe111dd2e1f7e308b622461eb311c2b9fc4ef44c76e1def6c524eb7281d5522af12211f1f91f651f2b678592d2997fe4cd15724f700deaff314a1737b3a8

C:\Users\Admin\AppData\Local\Temp\_MEI6882\libffi-7.dll

MD5 4424baf6ed5340df85482fa82b857b03
SHA1 181b641bf21c810a486f855864cd4b8967c24c44
SHA256 8c1f7f64579d01fedfde07e0906b1f8e607c34d5e6424c87abe431a2322eba79
SHA512 8adb94893ada555de2e82f006ab4d571fad8a1b16ac19ca4d2efc1065677f25d2de5c981473fabd0398f6328c1be1ebd4d36668ea67f8a5d25060f1980ee7e33

C:\Users\Admin\AppData\Local\Temp\_MEI6882\_ctypes.pyd

MD5 f1e33a8f6f91c2ed93dc5049dd50d7b8
SHA1 23c583dc98aa3f6b8b108db5d90e65d3dd72e9b4
SHA256 9459d246df7a3c638776305cf3683946ba8db26a7de90df8b60e1be0b27e53c4
SHA512 229896da389d78cbdf2168753ed7fcc72d8e0e62c6607a3766d6d47842c0abd519ac4f5d46607b15e7ba785280f9d27b482954e931645337a152b8a54467c6a5

memory/3540-250-0x0000000003580000-0x0000000003581000-memory.dmp

memory/5184-248-0x00007FF6C71E0000-0x00007FF6C71EA000-memory.dmp

memory/5184-249-0x00007FF6C71E0000-0x00007FF6C71EA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI6882\base_library.zip

MD5 f4981249047e4b7709801a388e2965af
SHA1 42847b581e714a407a0b73e5dab019b104ec9af2
SHA256 b191e669b1c715026d0732cbf8415f1ff5cfba5ed9d818444719d03e72d14233
SHA512 e8ef3fb3c9d5ef8ae9065838b124ba4920a3a1ba2d4174269cad05c1f318bc9ff80b1c6a6c0f3493e998f0587ef59be0305bc92e009e67b82836755470bc1b13

C:\Users\Admin\AppData\Local\Temp\_MEI6882\VCRUNTIME140.dll

MD5 0e675d4a7a5b7ccd69013386793f68eb
SHA1 6e5821ddd8fea6681bda4448816f39984a33596b
SHA256 bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512 cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

C:\Users\Admin\AppData\Local\Temp\_MEI6882\python38.dll

MD5 d2a8a5e7380d5f4716016777818a32c5
SHA1 fb12f31d1d0758fe3e056875461186056121ed0c
SHA256 59ab345c565304f638effa7c0236f26041fd06e35041a75988e13995cd28ace9
SHA512 ad1269d1367f587809e3fbe44af703c464a88fa3b2ae0bf2ad6544b8ed938e4265aab7e308d999e6c8297c0c85c608e3160796325286db3188a3edf040a02ab7

memory/3540-37-0x00000000032A0000-0x0000000003345000-memory.dmp

memory/5172-36-0x00007FF61F020000-0x00007FF61F0BF000-memory.dmp

memory/3540-34-0x0000000003360000-0x0000000003361000-memory.dmp

memory/3540-29-0x00000000032A0000-0x0000000003345000-memory.dmp

memory/3540-27-0x00000000032A0000-0x0000000003345000-memory.dmp

memory/3540-26-0x0000000001540000-0x0000000001541000-memory.dmp

memory/3540-23-0x00000000032A0000-0x0000000003345000-memory.dmp

memory/3540-22-0x00000000032A0000-0x0000000003345000-memory.dmp

memory/3540-30-0x00000000032A0000-0x0000000003345000-memory.dmp

memory/3540-28-0x0000000003350000-0x0000000003351000-memory.dmp

C:\Users\Admin\AppData\Roaming\62B0AE0A43EE3663812181\62B0AE0A43EE3663812181.exe

MD5 8a7af78cee9b6487d1cef5abfd008b1b
SHA1 826eddefbf2656698a11629fd2b90f75fe7ebcb7
SHA256 67ccdfa102ca31649309bf0639c6de858383b2889a0fa86c31e3ac6b3457739c
SHA512 111a2844692c010ca88713d2b44fdf748c6ecc05295602c6555878a244542d599a7126bbc26e8a654bdfb9cd53e957ca6a06d25b9ea17c533b156ef2d3882f80

memory/1464-255-0x00007FF7EF9F0000-0x00007FF7EFA8F000-memory.dmp

memory/5184-263-0x00007FF6C71E0000-0x00007FF6C71EA000-memory.dmp

memory/3540-262-0x000000000ABE0000-0x000000000AC33000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\temp_14888.exe

MD5 4d38d0416a7392711f340e87f22ea4ba
SHA1 85d501d7fd5fc843e96be88caf6c1f1054aa2f28
SHA256 95b64cf5502b24d592c79f2611b76d5d8035c8061c4af6b1ff6800ec2b46442f
SHA512 3a86a6521fb856220875c9bac2c01ce82e7e67e515285273f7687596dc6c169949af8703d835654506c8205bcf6d372403c9ea925c0bf2969f11227d7cacb5c0

memory/3540-279-0x000000000B4C0000-0x000000000B513000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\temp_14891.exe

MD5 5381a870d74ee49586aa9632e93c232b
SHA1 f2ee6d461102d3353077d3d6f08bbda2b8dfb1ed
SHA256 e90f2a5eae99811b65dc284734e0e295708d89bfef9a003b3ab2f8bc42e1fa9c
SHA512 c611262eb7badc08486a6416dd470f14d09c5c86c04076a472d32da52bf2cc21344dd4130f85a83cb25556383528ce57ac94ad0de36cef6a67f1bdb9e87a65a9

memory/3540-295-0x000000000B6F0000-0x000000000B743000-memory.dmp

memory/2736-330-0x00007FF79EA50000-0x00007FF79EB55000-memory.dmp

memory/2736-331-0x00007FF79EA50000-0x00007FF79EB55000-memory.dmp

C:\ProgramData\efefefebdcc.exe

MD5 942e285920589ef847f851c6b6bf5f19
SHA1 2e71b51c07d0b5b9c4fbfef187565c77af8164d8
SHA256 32146febb4fdc0f80c8460696c5063d3dcbf1af3989f599b31cba52680cf2aff
SHA512 c4623e113eaa98dcf8a487ebff515f88251892c4d1ffd35959d77811c1e6a959015e3a73dcacae83fadcb1ba1eb86951b4e32fabef05584b18db2fc3705bc8f2

C:\ProgramData\efefefebdcc.cfg

MD5 4304cbb579551f3bac6dcf83b10f9075
SHA1 27cc9103aec651afb7cba5657fbb1c7c79a96208
SHA256 8e8e66d5edbe1e42915629696c15f1302c21ab3559b0616609893846e451cc89
SHA512 b9277ffe2604166036297bdbdf959cb7c67b0ef839aad7cdcf77d6de93261eaed809bcc42a1d30ea538bcb55206ecb9bdfa6a7087f8ffe86d6fa8ab58a1ae00b

memory/3540-338-0x00000000032A0000-0x0000000003345000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\temp_14891.exe

MD5 f6d5cc794c2a2eb47b84e1dfc26c988a
SHA1 dd0fd87afef860b482909c08332794aff35c288a
SHA256 631190fc83321193d8cb31f592b33919c9e3fbfa19ce0c29f9e86c1a4c2e5892
SHA512 8cadf6f0b2e75be2d6392aef2526458750e5b9c3a180b9362803ae2b3d75094db5a29dd8db5305a43def16e2cd3ec1c6adafdb4aaa07d5c8f3ca3a6546fa19a7

memory/5820-413-0x00007FF7DE650000-0x00007FF7DE755000-memory.dmp

memory/5820-414-0x00007FF7DE650000-0x00007FF7DE755000-memory.dmp

memory/3264-429-0x00007FF6BA240000-0x00007FF6BA345000-memory.dmp

memory/5948-453-0x00007FF7656E0000-0x00007FF7657E5000-memory.dmp

memory/5948-454-0x00007FF7656E0000-0x00007FF7657E5000-memory.dmp

memory/1444-482-0x00007FF6A40E0000-0x00007FF6A41E5000-memory.dmp

memory/1444-483-0x00007FF6A40E0000-0x00007FF6A41E5000-memory.dmp

memory/5796-503-0x00007FF6397B0000-0x00007FF6398B5000-memory.dmp

memory/5796-505-0x00007FF6397B0000-0x00007FF6398B5000-memory.dmp

memory/4860-517-0x00007FF7FBCF0000-0x00007FF7FBDF5000-memory.dmp

memory/4860-518-0x00007FF7FBCF0000-0x00007FF7FBDF5000-memory.dmp

memory/5008-545-0x00007FF723670000-0x00007FF723775000-memory.dmp

memory/5008-546-0x00007FF723670000-0x00007FF723775000-memory.dmp

memory/5160-573-0x00007FF6933E0000-0x00007FF6934E5000-memory.dmp

memory/5160-574-0x00007FF6933E0000-0x00007FF6934E5000-memory.dmp

memory/4720-584-0x00007FF669250000-0x00007FF669355000-memory.dmp

memory/4720-594-0x00007FF669250000-0x00007FF669355000-memory.dmp

memory/1932-610-0x00007FF6A54B0000-0x00007FF6A55B5000-memory.dmp

memory/1932-609-0x00007FF6A54B0000-0x00007FF6A55B5000-memory.dmp

memory/5944-637-0x00007FF671640000-0x00007FF671745000-memory.dmp

memory/5944-638-0x00007FF671640000-0x00007FF671745000-memory.dmp

memory/4752-665-0x00007FF74AC40000-0x00007FF74AD45000-memory.dmp

memory/4752-666-0x00007FF74AC40000-0x00007FF74AD45000-memory.dmp

memory/4952-680-0x00007FF6AB5E0000-0x00007FF6AB6E5000-memory.dmp

memory/4952-681-0x00007FF6AB5E0000-0x00007FF6AB6E5000-memory.dmp

memory/5820-706-0x00007FF672480000-0x00007FF672585000-memory.dmp

memory/5820-707-0x00007FF672480000-0x00007FF672585000-memory.dmp

memory/4236-734-0x00007FF6A56B0000-0x00007FF6A57B5000-memory.dmp

memory/4236-735-0x00007FF6A56B0000-0x00007FF6A57B5000-memory.dmp

memory/3160-756-0x00007FF639EB0000-0x00007FF639FB5000-memory.dmp

memory/3160-763-0x00007FF639EB0000-0x00007FF639FB5000-memory.dmp

memory/3096-772-0x00007FF689250000-0x00007FF689355000-memory.dmp

memory/3096-773-0x00007FF689250000-0x00007FF689355000-memory.dmp

memory/5384-797-0x00007FF7B92D0000-0x00007FF7B93D5000-memory.dmp

memory/5384-798-0x00007FF7B92D0000-0x00007FF7B93D5000-memory.dmp

memory/552-826-0x00007FF629770000-0x00007FF629875000-memory.dmp

memory/552-827-0x00007FF629770000-0x00007FF629875000-memory.dmp

memory/2916-854-0x00007FF670620000-0x00007FF670725000-memory.dmp

memory/2916-853-0x00007FF670620000-0x00007FF670725000-memory.dmp

memory/3096-869-0x00007FF764890000-0x00007FF764995000-memory.dmp

memory/3096-870-0x00007FF764890000-0x00007FF764995000-memory.dmp

memory/4900-894-0x00007FF77B7D0000-0x00007FF77B8D5000-memory.dmp

memory/4900-895-0x00007FF77B7D0000-0x00007FF77B8D5000-memory.dmp

memory/3108-922-0x00007FF6C0A80000-0x00007FF6C0B85000-memory.dmp

memory/3108-923-0x00007FF6C0A80000-0x00007FF6C0B85000-memory.dmp

memory/1900-933-0x00007FF660530000-0x00007FF660635000-memory.dmp

memory/1900-934-0x00007FF660530000-0x00007FF660635000-memory.dmp

memory/1480-955-0x00007FF7243C0000-0x00007FF7244C5000-memory.dmp

memory/1480-956-0x00007FF7243C0000-0x00007FF7244C5000-memory.dmp

memory/4068-986-0x00007FF7AAB50000-0x00007FF7AAC55000-memory.dmp

memory/4068-987-0x00007FF7AAB50000-0x00007FF7AAC55000-memory.dmp

memory/800-1019-0x00007FF6669C0000-0x00007FF666AC5000-memory.dmp

memory/800-1020-0x00007FF6669C0000-0x00007FF666AC5000-memory.dmp

memory/5244-1049-0x00007FF6A6B20000-0x00007FF6A6C25000-memory.dmp

memory/5244-1050-0x00007FF6A6B20000-0x00007FF6A6C25000-memory.dmp

memory/1892-1073-0x00007FF7D3550000-0x00007FF7D3655000-memory.dmp

memory/1892-1074-0x00007FF7D3550000-0x00007FF7D3655000-memory.dmp

memory/2036-1098-0x00007FF655930000-0x00007FF655A35000-memory.dmp

memory/2036-1099-0x00007FF655930000-0x00007FF655A35000-memory.dmp

memory/2944-1126-0x00007FF69EAE0000-0x00007FF69EBE5000-memory.dmp

memory/2944-1127-0x00007FF69EAE0000-0x00007FF69EBE5000-memory.dmp

memory/2184-1148-0x00007FF773420000-0x00007FF773525000-memory.dmp

memory/2184-1147-0x00007FF773420000-0x00007FF773525000-memory.dmp

memory/2412-1162-0x00007FF7D1BB0000-0x00007FF7D1CB5000-memory.dmp

memory/2412-1163-0x00007FF7D1BB0000-0x00007FF7D1CB5000-memory.dmp

memory/3552-1195-0x00007FF6145A0000-0x00007FF6146A5000-memory.dmp

memory/3552-1196-0x00007FF6145A0000-0x00007FF6146A5000-memory.dmp

memory/1764-1217-0x00007FF67B340000-0x00007FF67B445000-memory.dmp

memory/1764-1224-0x00007FF67B340000-0x00007FF67B445000-memory.dmp

memory/1420-1233-0x00007FF633E30000-0x00007FF633F35000-memory.dmp

memory/1420-1234-0x00007FF633E30000-0x00007FF633F35000-memory.dmp

memory/1048-1258-0x00007FF6F5DC0000-0x00007FF6F5EC5000-memory.dmp

memory/1048-1259-0x00007FF6F5DC0000-0x00007FF6F5EC5000-memory.dmp

memory/5620-1286-0x00007FF79C3F0000-0x00007FF79C4F5000-memory.dmp

memory/908-1308-0x00007FF6785E0000-0x00007FF6786E5000-memory.dmp

memory/908-1309-0x00007FF6785E0000-0x00007FF6786E5000-memory.dmp

memory/4988-1329-0x00007FF6C6A20000-0x00007FF6C6B25000-memory.dmp

memory/4988-1330-0x00007FF6C6A20000-0x00007FF6C6B25000-memory.dmp

memory/2036-1354-0x00007FF6CF680000-0x00007FF6CF785000-memory.dmp

memory/2036-1355-0x00007FF6CF680000-0x00007FF6CF785000-memory.dmp

memory/5660-1382-0x00007FF747EA0000-0x00007FF747FA5000-memory.dmp

memory/5660-1383-0x00007FF747EA0000-0x00007FF747FA5000-memory.dmp

memory/5620-1385-0x00007FF79C3F0000-0x00007FF79C4F5000-memory.dmp

memory/932-1405-0x00007FF7279F0000-0x00007FF727AF5000-memory.dmp

memory/932-1406-0x00007FF7279F0000-0x00007FF727AF5000-memory.dmp

memory/5056-1422-0x00007FF789040000-0x00007FF789145000-memory.dmp

memory/5056-1423-0x00007FF789040000-0x00007FF789145000-memory.dmp