b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

Analysis

max time kernel
294s
max time network
49s
platform
windows7_x64
resource
win7-20220414-es
submitted
10-05-2022 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ssms.exe
Size

155KB
MD5

14a09a48ad23fe0ea5a180bee8cb750a
SHA1

ac3cdd673f5126bc49faa72fb52284f513929db4
SHA256

b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d
SHA512

3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Score

10^/10

evasion

Malware Config

Signatures

Modifies security service 2 TTPs 38 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"	regedit.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4"	regedit.exe

Executes dropped EXE 18 IoCs

pid	Process
764	ssms.exe
556	ssms.exe
1912	ssms.exe
1488	ssms.exe
1616	ssms.exe
1516	ssms.exe
1824	ssms.exe
1880	ssms.exe
884	ssms.exe
1116	ssms.exe
1580	ssms.exe
1892	ssms.exe
1932	ssms.exe
1772	ssms.exe
1600	ssms.exe
1172	ssms.exe
1816	ssms.exe
824	ssms.exe

Loads dropped DLL 36 IoCs

pid	Process
112	ssms.exe
112	ssms.exe
764	ssms.exe
764	ssms.exe
556	ssms.exe
556	ssms.exe
1912	ssms.exe
1912	ssms.exe
1488	ssms.exe
1488	ssms.exe
1616	ssms.exe
1616	ssms.exe
1516	ssms.exe
1516	ssms.exe
1824	ssms.exe
1824	ssms.exe
1880	ssms.exe
1880	ssms.exe
884	ssms.exe
884	ssms.exe
1116	ssms.exe
1116	ssms.exe
1580	ssms.exe
1580	ssms.exe
1892	ssms.exe
1892	ssms.exe
1932	ssms.exe
1932	ssms.exe
1772	ssms.exe
1772	ssms.exe
1600	ssms.exe
1600	ssms.exe
1172	ssms.exe
1172	ssms.exe
1816	ssms.exe
1816	ssms.exe

Drops file in System32 directory 38 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File created	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe
File opened for modification	C:\Windows\SysWOW64\ssms.exe	ssms.exe

Runs .reg file with regedit 19 IoCs

pid	Process
1728	regedit.exe
1052	regedit.exe
2028	regedit.exe
1680	regedit.exe
1172	regedit.exe
1420	regedit.exe
984	regedit.exe
948	regedit.exe
980	regedit.exe
2040	regedit.exe
972	regedit.exe
1184	regedit.exe
480	regedit.exe
1228	regedit.exe
1144	regedit.exe
1576	regedit.exe
1796	regedit.exe
1700	regedit.exe
1776	regedit.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1104	112	ssms.exe	28
PID 112 wrote to memory of 1104	112	ssms.exe	28
PID 112 wrote to memory of 1104	112	ssms.exe	28
PID 112 wrote to memory of 1104	112	ssms.exe	28
PID 112 wrote to memory of 764	112	ssms.exe	30
PID 112 wrote to memory of 764	112	ssms.exe	30
PID 112 wrote to memory of 764	112	ssms.exe	30
PID 112 wrote to memory of 764	112	ssms.exe	30
PID 1104 wrote to memory of 972	1104	cmd.exe	29
PID 1104 wrote to memory of 972	1104	cmd.exe	29
PID 1104 wrote to memory of 972	1104	cmd.exe	29
PID 1104 wrote to memory of 972	1104	cmd.exe	29
PID 764 wrote to memory of 320	764	ssms.exe	31
PID 764 wrote to memory of 320	764	ssms.exe	31
PID 764 wrote to memory of 320	764	ssms.exe	31
PID 764 wrote to memory of 320	764	ssms.exe	31
PID 320 wrote to memory of 1184	320	cmd.exe	32
PID 320 wrote to memory of 1184	320	cmd.exe	32
PID 320 wrote to memory of 1184	320	cmd.exe	32
PID 320 wrote to memory of 1184	320	cmd.exe	32
PID 764 wrote to memory of 556	764	ssms.exe	33
PID 764 wrote to memory of 556	764	ssms.exe	33
PID 764 wrote to memory of 556	764	ssms.exe	33
PID 764 wrote to memory of 556	764	ssms.exe	33
PID 556 wrote to memory of 1760	556	ssms.exe	34
PID 556 wrote to memory of 1760	556	ssms.exe	34
PID 556 wrote to memory of 1760	556	ssms.exe	34
PID 556 wrote to memory of 1760	556	ssms.exe	34
PID 1760 wrote to memory of 1172	1760	cmd.exe	35
PID 1760 wrote to memory of 1172	1760	cmd.exe	35
PID 1760 wrote to memory of 1172	1760	cmd.exe	35
PID 1760 wrote to memory of 1172	1760	cmd.exe	35
PID 556 wrote to memory of 1912	556	ssms.exe	36
PID 556 wrote to memory of 1912	556	ssms.exe	36
PID 556 wrote to memory of 1912	556	ssms.exe	36
PID 556 wrote to memory of 1912	556	ssms.exe	36
PID 1912 wrote to memory of 980	1912	ssms.exe	37
PID 1912 wrote to memory of 980	1912	ssms.exe	37
PID 1912 wrote to memory of 980	1912	ssms.exe	37
PID 1912 wrote to memory of 980	1912	ssms.exe	37
PID 980 wrote to memory of 1420	980	cmd.exe	38
PID 980 wrote to memory of 1420	980	cmd.exe	38
PID 980 wrote to memory of 1420	980	cmd.exe	38
PID 980 wrote to memory of 1420	980	cmd.exe	38
PID 1912 wrote to memory of 1488	1912	ssms.exe	39
PID 1912 wrote to memory of 1488	1912	ssms.exe	39
PID 1912 wrote to memory of 1488	1912	ssms.exe	39
PID 1912 wrote to memory of 1488	1912	ssms.exe	39
PID 1488 wrote to memory of 1564	1488	ssms.exe	40
PID 1488 wrote to memory of 1564	1488	ssms.exe	40
PID 1488 wrote to memory of 1564	1488	ssms.exe	40
PID 1488 wrote to memory of 1564	1488	ssms.exe	40
PID 1564 wrote to memory of 984	1564	cmd.exe	41
PID 1564 wrote to memory of 984	1564	cmd.exe	41
PID 1564 wrote to memory of 984	1564	cmd.exe	41
PID 1564 wrote to memory of 984	1564	cmd.exe	41
PID 1488 wrote to memory of 1616	1488	ssms.exe	42
PID 1488 wrote to memory of 1616	1488	ssms.exe	42
PID 1488 wrote to memory of 1616	1488	ssms.exe	42
PID 1488 wrote to memory of 1616	1488	ssms.exe	42
PID 1616 wrote to memory of 552	1616	ssms.exe	43
PID 1616 wrote to memory of 552	1616	ssms.exe	43
PID 1616 wrote to memory of 552	1616	ssms.exe	43
PID 1616 wrote to memory of 552	1616	ssms.exe	43

C:\Users\Admin\AppData\Local\Temp\ssms.exe
"C:\Users\Admin\AppData\Local\Temp\ssms.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\a.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Windows\SysWOW64\regedit.exe
    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
    3⤵
    - Modifies security service
    - Runs .reg file with regedit
    PID:972
- C:\Windows\SysWOW64\ssms.exe
  C:\Windows\system32\ssms.exe 472 "C:\Users\Admin\AppData\Local\Temp\ssms.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:764
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c c:\a.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:320
  - - C:\Windows\SysWOW64\regedit.exe
      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
      4⤵
      Modifies security service
      Runs .reg file with regedit
      PID:1184
- - C:\Windows\SysWOW64\ssms.exe
    C:\Windows\system32\ssms.exe 548 "C:\Windows\SysWOW64\ssms.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\a.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        5⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1172
  - - C:\Windows\SysWOW64\ssms.exe
      C:\Windows\system32\ssms.exe 544 "C:\Windows\SysWOW64\ssms.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1912
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:980
      - C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        6⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1420
    - - C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 552 "C:\Windows\SysWOW64\ssms.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1488
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1564
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        7⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:984
      - C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 556 "C:\Windows\SysWOW64\ssms.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        7⤵
        
        PID:552
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        8⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1144
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 560 "C:\Windows\SysWOW64\ssms.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        8⤵
        
        PID:888
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        9⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:948
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 564 "C:\Windows\SysWOW64\ssms.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        9⤵
        
        PID:496
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        10⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1576
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 568 "C:\Windows\SysWOW64\ssms.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1880
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        10⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        11⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:480
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 572 "C:\Windows\SysWOW64\ssms.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        11⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        12⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1700
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 576 "C:\Windows\SysWOW64\ssms.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1116
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        12⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        13⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:980
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 580 "C:\Windows\SysWOW64\ssms.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1580
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        13⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        14⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:2040
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 588 "C:\Windows\SysWOW64\ssms.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        14⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        15⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:2028
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 584 "C:\Windows\SysWOW64\ssms.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        15⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        16⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1776
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 592 "C:\Windows\SysWOW64\ssms.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        16⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        17⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1680
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 600 "C:\Windows\SysWOW64\ssms.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        17⤵
        
        PID:928
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        18⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1796
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 596 "C:\Windows\SysWOW64\ssms.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        18⤵
        
        PID:692
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        19⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1728
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 604 "C:\Windows\SysWOW64\ssms.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        19⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        20⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1228
        
        C:\Windows\SysWOW64\ssms.exe
        
        C:\Windows\system32\ssms.exe 536 "C:\Windows\SysWOW64\ssms.exe"
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c c:\a.bat
        20⤵
        
        PID:832
        
        C:\Windows\SysWOW64\regedit.exe
        
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        21⤵
        Modifies security service
        Runs .reg file with regedit
        
        PID:1052

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.reg

Filesize
3KB

MD5
9e5db93bd3302c217b15561d8f1e299d

SHA1
95a5579b336d16213909beda75589fd0a2091f30

SHA256
f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

SHA512
b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
C:\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\??\c:\a.bat

Filesize
5KB

MD5
0019a0451cc6b9659762c3e274bc04fb

SHA1
5259e256cc0908f2846e532161b989f1295f479b

SHA256
ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

SHA512
314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
\Windows\SysWOW64\ssms.exe

Filesize
155KB

MD5
14a09a48ad23fe0ea5a180bee8cb750a

SHA1
ac3cdd673f5126bc49faa72fb52284f513929db4

SHA256
b14ccb3786af7553f7c251623499a7fe67974dde69d3dffd65733871cddf6b6d

SHA512
3f11e6f0fb03f2857f29f4ba296dd4fdbda93938b1516a80c18d656d67175fec910727ca447c7217e8edf9a160d9c7c02ebd9f35081a0071247d572d960e9734

Download Submit
memory/112-55-0x00000000759D1000-0x00000000759D3000-memory.dmp

Filesize
8KB

Download