Technical Information
- %TEMP%\nspfee8.tmp
- %HOMEPATH%\fabulists\tongmen\coffeepot\pastelfarvernes228\dunste.blo225
- %HOMEPATH%\fabulists\tongmen\coffeepot\pastelfarvernes228\hook.dll
- %HOMEPATH%\fabulists\tongmen\coffeepot\pastelfarvernes228\helaarsbrug.woo
- %HOMEPATH%\fabulists\tongmen\coffeepot\pastelfarvernes228\channel-insecure-symbolic.symbolic.png
- %HOMEPATH%\fabulists\tongmen\coffeepot\pastelfarvernes228\face-cool.png
- %HOMEPATH%\fabulists\tongmen\coffeepot\pastelfarvernes228\io.txt
- %HOMEPATH%\fabulists\libpangoft2-1.0-0.dll
- %HOMEPATH%\fabulists\mail-mark-important.png
- %HOMEPATH%\fabulists\purlgs254\vanemssig\gappiest\bayonneskinkernes\radio-symbolic.symbolic.png
- %TEMP%\nsz5db.tmp\nsexec.dll
- %TEMP%\nsz5db.tmp\system.dll
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xC5C6C1A8^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xEBD3FC8F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE0F7F694^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA6EAB394^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBBAFB38F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB2A5D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB3B3CA^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA2EAB3D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA7EABD94^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBDBEC5C6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9C183^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9C083^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFAC5FA8A^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xEFE7D58F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE7A3E1D7^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA2A9FAC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB3BA8F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA0F1A0DB^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFBF0F694^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBDB1A9DC^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xCDE2FF8A^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xD9EAFD82^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE1F4C394^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE1E0C4CE^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE2E6BB8F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCB6BFC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA0F1A2DB^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBAB3BA96^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE7A3A39E^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9D094^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xEBE2E783^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EAFF83^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xCFABFEC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCB7B3CA^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEEAB3D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xF6BBA3D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB3A3D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEAFB38F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB3BFC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFEA3A3CA^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xCBCFA0D4^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEEAB3D2^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEFBABD6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEAAFAC8^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCB6B3DB^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9C58F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCF7E687^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE2C2FF8A^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE1E0BB8F^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEAFFAC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEFBA2D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEFBA0D6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB3BFC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA2A3FAC6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE7F1A2C6^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB3BADB^-1903979546"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xC5C6C1A8^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xEBD3FC8F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE0F7F694^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA6EAB394^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBBAFB38F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB2A5D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB3B3CA^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA2EAB3D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA7EABD94^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBDBEC5C6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9C183^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9C083^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFAC5FA8A^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xEFE7D58F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE7A3E1D7^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA2A9FAC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB3BA8F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA0F1A0DB^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFBF0F694^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBDB1A9DC^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xCDE2FF8A^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xD9EAFD82^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE1F4C394^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE1E0C4CE^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE2E6BB8F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCB6BFC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA0F1A2DB^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBAB3BA96^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE7A3A39E^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9D094^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xEBE2E783^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EAFF83^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xCFABFEC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCB7B3CA^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEEAB3D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xF6BBA3D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB3A3D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEAFB38F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB3BFC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFEA3A3CA^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xCBCFA0D4^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEEAB3D2^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEFBABD6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEAAFAC8^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCB6B3DB^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xB4B9C58F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xFCF7E687^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE2C2FF8A^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE1E0BB8F^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEAFFAC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEFBA2D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEFBA0D6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB3BFC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xA2A3FAC6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xE7F1A2C6^-1903979546"
- '%WINDIR%\syswow64\cmd.exe' /c set /a "0xAEB3BADB^-1903979546"