Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
05/10/2022, 19:46 UTC
221005-yhfc9sfdc4 104/10/2022, 14:21 UTC
221004-rpddxsbedj 804/10/2022, 14:14 UTC
221004-rj33dsbebr 804/10/2022, 09:53 UTC
221004-lwl2raagdr 104/10/2022, 07:58 UTC
221004-jt1q1sacc7 803/10/2022, 15:56 UTC
221003-tdlx2adgdr 8Analysis
-
max time kernel
2107s -
max time network
1773s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-es -
resource tags
-
submitted
03/10/2022, 15:56 UTC
General
-
Target
BarTender Enterprise 2021 R5 11.2.166048 Multilingual.zip
-
Size
766.3MB
-
MD5
09ea7e2bef5722cdb9ee37a7dab48ff3
-
SHA1
d4fb2231f80333b1b50e6f790d3b59eb3ff26374
-
SHA256
280a84ca1f8ece3fc5af67010041af8c1a1bfa2e34e80961e60312800d37db2c
-
SHA512
eb9d65e42bccf4b700eb51c3f2890ac80f2e61a04ff661cdc3c173ff85a1f8e7f9e1cf2de89fd3517ca0b106240791f60158a7af12a5395b49e5299b22d3bf38
-
SSDEEP
12582912:whzb6xxr5Ni69eds1tauM0I7j0LFCLw0FEl1oZ+rPAkIYw+oKj7XkFgMKiLVVKYH:whzb639Ni6agtW7ZwU6+8roYwS7dN2jr
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 7 IoCs
-
Executes dropped EXE 24 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 2 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 52 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 60 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\BarTender Enterprise 2021 R5 11.2.166048 Multilingual.zip"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 460 -p 828 -ip 8281⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 828 -s 23921⤵
- Program crash
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\" -spe -an -ai#7zMap23012:164:7zEvent296021⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i C:\ProgramData\Seagull\Installer\{99937B8D-3B72-49EF-AB3F-45A5EBEAAB75}\BEAAB75\BarTender.msi TRANSFORMS=:3082 AI_SETUPEXEPATH="C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe" SETUPEXEDIR="C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1664634068 "2⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Drops file in Drivers directory
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D797227BC2CC1A121134C304E36153E2 C2⤵
- Loads dropped DLL
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CDF7DA5C85CD0D5088BDB1C914FD82D3 C2⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe" /groupsextract:103;111; /out:"C:\Users\Admin\AppData\Roaming\Seagull\BarTender\prerequisites" /callbackid:26843⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Seagull\BarTender\prerequisites\SQL Server Compact 4.0\SSCERuntime_x64-ENU.msi" /q /norestart3⤵
-
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Seagull\BarTender\prerequisites\SQL Server LocalDB 2014 SP3\SqlLocalDB_x64.msi" /qn /norestart IACCEPTSQLLOCALDBLICENSETERMS=YES3⤵
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 0011B3D82C10531E9D86AC11DF633AB9 C2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI26FE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240855328 2 CustomActions!CustomActions.CustomActions.SilentInstallProperties3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI44AE.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240862390 74 CustomActions!CustomActions.CustomActions.ForceUpgradeProperty3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI5A7A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240867968 79 CustomActions!CustomActions.CustomActions.SetInstalledVersion3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI6AA7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240872234 84 CustomActions!CustomActions.CustomActions.InstallOptions3⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI47A5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241257109 338 CustomActions!CustomActions.CustomActions.ExtractSQLExpress3⤵
- Loads dropped DLL
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSICC96.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241290390 348 CustomActions!CustomActions.CustomActions.WindowsOptionalFeatures3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\dism.exe"C:\Windows\system32\dism.exe" /Online /Get-Features /Format:Table4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\142E611F-2786-49A5-BB1B-1122B9195181\dismhost.exeC:\Users\Admin\AppData\Local\Temp\142E611F-2786-49A5-BB1B-1122B9195181\dismhost.exe {6DD33BAE-3977-45D8-A22D-CC3F1BFC2DF1}5⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Windows\system32\dism.exe"C:\Windows\system32\dism.exe" /Online /Enable-Feature /FeatureName:MSMQ-Container /FeatureName:MSMQ-Server /All /NoRestart4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BAADF675-E454-473E-BE2D-DE35F5318C28\dismhost.exeC:\Users\Admin\AppData\Local\Temp\BAADF675-E454-473E-BE2D-DE35F5318C28\dismhost.exe {97049443-283A-471D-A31A-DA55E1F81833}5⤵
- Executes dropped EXE
-
-
-
C:\Windows\Microsoft.Net\Framework64\v4.0.30319\ServiceModelReg.exe"C:\Windows\Microsoft.Net\Framework64\v4.0.30319\ServiceModelReg.exe" -r4⤵
-
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSIB981.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241875312 1458 CustomActions!CustomActions.CustomActions.InstallSQLExpress3⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SQLEXPR_x64_ENU.exe"C:\Users\Admin\AppData\Local\Temp\SQLEXPR_x64_ENU.exe" /q /ACTION=Install /FEATURES=SQLEngine,FullText /INSTANCENAME=BarTender /SQLSYSADMINACCOUNTS="Builtin\Administrators" "NT AUTHORITY\SYSTEM" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /ADDCURRENTUSERASSQLADMIN /TCPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS /HIDECONSOLE /SkipInstallerRunCheck /UpdateEnabled=0 /SKIPRULES=RebootRequiredCheck SetupCompatibilityCheck NoRebootPackage4⤵
- Executes dropped EXE
- Drops autorun.inf file
- Suspicious use of WriteProcessMemory
-
C:\5EA9411076914705A44E58C3AD6D762C\SETUP.EXEC:\5EA9411076914705A44E58C3AD6D762C\SETUP.EXE /q /ACTION=Install /FEATURES=SQLEngine,FullText /INSTANCENAME=BarTender /SQLSYSADMINACCOUNTS="Builtin\Administrators" "NT AUTHORITY\SYSTEM" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /ADDCURRENTUSERASSQLADMIN /TCPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS /HIDECONSOLE /SkipInstallerRunCheck /UpdateEnabled=0 /SKIPRULES=RebootRequiredCheck SetupCompatibilityCheck NoRebootPackage5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe-b6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe-b6⤵
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\ScenarioEngine.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\ScenarioEngine.exe" /WORKFLOW=Install /TIMESTAMP=20221004_093248 /LOGMARKER= /MEDIASOURCE="C:\5EA9411076914705A44E58C3AD6D762C\\" /INSTALLMEDIAPATH="C:\5EA9411076914705A44E58C3AD6D762C\x64\setup\\" /ENU /MEDIALAYOUT="Core" /q /ACTION=Install /FEATURES=SQLEngine,FullText /INSTANCENAME=BarTender /SQLSYSADMINACCOUNTS="Builtin\Administrators" "NT AUTHORITY\SYSTEM" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /ADDCURRENTUSERASSQLADMIN /TCPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS /HIDECONSOLE /SkipInstallerRunCheck /UpdateEnabled=0 /SKIPRULES=RebootRequiredCheck SetupCompatibilityCheck NoRebootPackage /ACTION=Install6⤵
- Executes dropped EXE
- Checks computer location settings
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\z-zk3jud.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA5D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFA5C.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3aqc40ix.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFE93.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFE83.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rlsbeyyu.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES114.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC113.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\_qvk2qru.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3A4.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC394.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nawq1y4f.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4EC.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4EB.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ziyprb1p.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5F6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5F5.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gcphjavh.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9A0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC99F.tmp"8⤵
-
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x64.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x64.exe" /fix7⤵
- Executes dropped EXE
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x86.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x86.exe" /fix7⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ddr6hqcq.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES23EE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC23ED.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mrlws7ki.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES24E8.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC24E7.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mqr6id6a.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2C6A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2C69.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\irfndlls.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2CE7.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2CE6.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\aotcyszb.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3081.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3080.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5tfpj9n3.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3265.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3264.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\shgayil0.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3311.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC3310.tmp"8⤵
-
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x64.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x64.exe" /fix7⤵
- Executes dropped EXE
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x86.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x86.exe" /fix7⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nr8zmnls.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES482F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC482E.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x_1hrnin.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5186.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5185.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nhihn1vn.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5A31.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC5A30.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\p7gk0xyc.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES677F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC677E.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\oyshl3ca.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES68B7.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC68B6.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\onpq50m0.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES69B1.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC69B0.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bt-gllgi.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7133.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7132.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xzopu1zb.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7375.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7374.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\67-u8pld.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7412.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7411.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n_bqqyre.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8C0E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8C0D.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\twaiwnop.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8E21.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8E20.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\elkrnmy_.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8F1B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8F1A.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\oxfpummc.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9015.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9014.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7t7sedyd.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES913E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC913D.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\y-_5pgkz.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES91FA.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC91F9.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\synn0pqc.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES92E4.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC92E3.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qedz8xkf.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES93DE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC93DD.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rabtomil.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES94E8.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC94E7.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jjwa_mox.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES95D2.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC95D1.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mva1zg--.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES96EB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC96EA.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3a40zgfb.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9D44.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9D43.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\srwushrs.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA255.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA245.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\t8u575n8.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA35F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA35E.tmp"8⤵
-
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue pause7⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exe" queue continue7⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe"C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exe" queue continue7⤵
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x64.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x64.exe" /fix7⤵
- Executes dropped EXE
-
-
C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x86.exe"C:\5EA9411076914705A44E58C3AD6D762C\x64\FixSqlRegistryKey_x86.exe" /fix7⤵
- Executes dropped EXE
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\res26n9o.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES80B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC80A.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2apxqiex.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES943.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC942.tmp"8⤵
-
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files (x86)\Microsoft SQL Server\120\Shared\sqlmgmproviderxpsp2up.mof"7⤵
- Drops file in System32 directory
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rhul1mat.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1902.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1901.tmp"8⤵
-
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files (x86)\Microsoft SQL Server\120\Shared\1033\sqlmgmprovider.mfl"7⤵
- Drops file in System32 directory
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\anvxmmvl.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1A4B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1A4A.tmp"8⤵
-
-
-
C:\Windows\system32\unlodctr.exe"C:\Windows\system32\unlodctr.exe" /m:hkengperfctr.xml7⤵
-
-
C:\Windows\system32\lodctr.exe"C:\Windows\system32\lodctr.exe" /m:hkengperfctr.xml7⤵
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\edf51rvm.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1EFE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1EFD.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\eooo4xcb.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1FE8.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1FE7.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rut4ktlm.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2C9A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2C99.tmp"8⤵
-
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Sqlwep-uni.mof.transformed"7⤵
- Drops file in System32 directory
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\xesqlpkg.mof"7⤵
- Drops file in System32 directory
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\xesqlminpkg.mof"7⤵
- Drops file in System32 directory
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\xesospkg.mof"7⤵
- Drops file in System32 directory
-
-
C:\Windows\system32\WBEM\mofcomp.exe"C:\Windows\system32\WBEM\mofcomp.exe" "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\xepkg0.mof"7⤵
- Drops file in System32 directory
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\btljskfi.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6454.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC6453.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vhflxlvl.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES65CB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC65CA.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nwzclowq.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6AAD.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC6AAC.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hueb7rko.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6EA4.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC6E94.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d9kyuxn4.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6F02.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC6F01.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\n-o6b6eh.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES729C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC729B.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7n3adynv.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9249.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9248.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\kswse8yu.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES92D6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC92D5.tmp"8⤵
-
-
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\o6guvufd.cmdline"7⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCBA9.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCBA8.tmp"8⤵
-
-
-
-
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0DBA4D96C781A2483CD556369247B9152⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A8DB9856EDC3DC22C42286C215C7B353 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 85ACD2BAE60F4493D4A39F8E97776BD82⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding B132454390C14C7AF6EDB70C576703C4 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding BE2B71806202121895C0B48ED1DDB6A92⤵
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.GridControl, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:1 /NoDependencies3⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.GridControl, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:1 /NoDependencies3⤵
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 94ED16BAF672753C024C4B30BEE5AFB22⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding D635694FDC8479987405DEFA5783BEBF E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding F4B807783984B4F0C7456D00C150D9D52⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 13E234208ACAFC0707334F1941702161 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 6533CCDCDAF0F42AF961F555C515F056 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding EE1E9D47F60AD139A2D4D75AED6348D72⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding ABFB7A38CB6E4632D0EDE20474E43FAD2⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 4555C030FA4B3A21085BD891E2191F79 E Global\MSI00002⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3409F7F56DA72488064434274B94CF992⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2880C262C073FA56313E84115A040459 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding AE884BE9C361647A434B992755DA78702⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding D5C712534B5933CBF863E3E7CA0EB1EF2⤵
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.GridControl, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:1 /NoDependencies3⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.GridControl, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:1 /NoDependencies3⤵
- Drops file in Windows directory
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 48A11666048DE295169296910CD312842⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 84F0A0AA385F3AFC7358406F907B624D E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 38EB93579B0239814B62E02243A3E5D22⤵
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.DataWarehouse.Interfaces, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.AnalysisServices, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.OlapEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.OlapEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Diagnostics.STrace, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlTDiagM, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Diagnostics.STrace, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlTDiagM, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Smo, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.WmiEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.BatchParser, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ConnectionInfo, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ConnectionInfoExtended, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.RegSvrEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ServiceBrokerEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SmoExtended, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlClrProvider, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.PolicyEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.BatchParserClient, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Smo, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.WmiEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.BatchParser, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ConnectionInfo, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ConnectionInfoExtended, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.RegSvrEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ServiceBrokerEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SmoExtended, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlClrProvider, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.PolicyEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.BatchParserClient, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SString, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SString, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.Sdk.Sfc, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlWmiManagement, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.Sdk.Sfc, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlWmiManagement, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DataStorage, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DlgGrid, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.MultiServerConnection, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DataStorage, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DlgGrid, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.MultiServerConnection, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.HelpViewer, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.HelpViewer, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 3DBD13156697483EE73221E68A1DF25E E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding FE7C1E7662DF9154D63FE84CC732C2DB2⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding A1DC1970F6521F93E460BEF029A26ED3 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding C33EA44DF61D5747426B326EF49D82A12⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding E949F3C42DC15DFD378D165489DD23F6 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 081DB8083D3ABA55EF4C8023F7A3F0782⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 388D2F78F0451AC1737E8F986BEB29882⤵
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.FileSystemTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.MaintenancePlanTasks, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ExpressionTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.WMIDRTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.WMIEWTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.TransferDatabasesTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.TransferErrorMessagesTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.TransferJobsTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.TransferLoginsTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.TransferStoredProceduresTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.XMLTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.PipelineXML, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.PipelineHost, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.PackageFormatUpdate, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ManagedDTS, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DTSRuntimeWrap, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SQLTaskConnectionsWrap, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SQLTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\SDK\Assemblies\Microsoft.SqlServer.ServiceBrokerEnum.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\SDK\Assemblies\Microsoft.SqlServer.Replication.dll" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.HadrDMF, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.SmartAdminPolicies, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.HadrDMF, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Management.SmartAdminPolicies, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.FileSystemTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.MaintenancePlanTasks.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.ExpressionTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.WebServiceTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.WMIDRTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.WMIEWTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.WebServiceTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.TransferObjectsTask, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.TransferObjectsTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.TransferDatabasesTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.TransferErrorMessagesTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.TransferJobsTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.TransferLoginsTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.TransferStoredProceduresTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.XmlTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.SqlCEDest, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ADONETSrc, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ADONETDest, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.XmlSrc, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\PipelineComponents\Microsoft.SqlServer.SqlCEDest.dll" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\PipelineComponents\Microsoft.SqlServer.ADONETSrc.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\PipelineComponents\Microsoft.SqlServer.ADONETDest.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\PipelineComponents\Microsoft.SqlServer.XMLSrc.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.PipelineXML.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DTSPipelineWrap, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\DTEParseMgd.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "DTEParseMgd, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\ForEachEnumerators\Microsoft.SqlServer.ForEachSMOEnumerator.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\ForEachEnumerators\Microsoft.SqlServer.ForEachAdoEnumerator.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\ForEachEnumerators\Microsoft.SqlServer.ForEachNodeListEnumerator.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\ForEachEnumerators\Microsoft.SqlServer.ForEachFromVarEnumerator.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.ForEachFileEnumeratorWrap.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ForEachSMOEnumerator, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ForEachADOEnumerator, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ForEachNodeListEnumerator, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ForEachFromVarEnumerator, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ForEachFileEnumeratorWrap, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.PackageFormatUpdate.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.VSTAScriptingLib, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.IntegrationServices.VSTA, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Connections\Microsoft.SqlServer.ManagedConnections.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.DtsMsg.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.DTEnum.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.DTSUtilities.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\Microsoft.SqlServer.SQLTaskConnectionsWrap.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DtsMsg, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DTEnum, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.DTSUtilities, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.ManagedConnections, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Msxml6_interop, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.SQLTask.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\DTSWizard.exe" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.Dts.Design, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.DataTransformationServices.Controls, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\SQLPS\Microsoft.SqlServer.Management.PSProvider.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\SQLPS\Microsoft.SqlServer.Management.PSSnapins.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\SQLPS\Microsoft.SqlServer.Management.CloudAdapter.Client.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\SQLPS\Microsoft.SqlServer.Management.CloudAdapter.Data.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\Microsoft.SqlServer.Management.PowerShellTasks.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\SQLPS.exe" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework\v2.0.50727\ngen.exengen.exe install "C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\SQLPS.exe.config" /verbose /queue:13⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\120\DTS\Tasks\Microsoft.SqlServer.Management.CollectorTasks.dll" /verbose /queue:33⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "Microsoft.SqlServer.IntegrationServices.VSTA.VSTA11, Version=12.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /verbose /queue:33⤵
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 4E975E47A6C793B63BC3CA2A906480AF E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding F1A7EAD21C5D3659B3D8A40324734AD22⤵
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlAutoAdmin.SqlAutoAdmin.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlAutoAdmin.AutoBackupAgent.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlServer.XE.Core.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlServer.XEvent.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlServer.XEvent.Configuration.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlServer.XEvent.Linq.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\Microsoft.SqlServer.XEvent.Targets.dll" /verbose /queue:13⤵
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\performancecounter.dll" /verbose /queue:33⤵
- Drops file in Windows directory
-
-
C:\Windows\Microsoft.Net\Framework64\v2.0.50727\ngen.exengen.exe install "C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqltoolsmailutilities.dll" /verbose /queue:33⤵
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 340F1B0EE018451A36AD6716DACBAD16 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 9A2A6B8D2EEF2C1C14C7BD539A2695082⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 77CB28A308A7240EC0924B1F41522289 E Global\MSI00002⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding CD8A52DD262A510260384121F061FD562⤵
- Drops file in Program Files directory
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 87ACC872B2E210433780DA5F49B74322 E Global\MSI00002⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 929583F19548A04C026AF9CF12673D022⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 3D724DC53192D7BB2E0DE9A6D311B5872⤵
- Drops file in Windows directory
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Windows\Installer\MSI822A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_242254156 19043 CustomActions!CustomActions.CustomActions.SilentInstallProperties3⤵
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Windows\Installer\MSI894F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_242255937 19048 CustomActions!CustomActions.CustomActions.WindowsOptionalFeatures3⤵
- Drops file in Windows directory
-
C:\Windows\system32\dism.exe"C:\Windows\system32\dism.exe" /Online /Get-Features /Format:Table4⤵
-
C:\Users\Admin\AppData\Local\Temp\DDB44DAD-693B-4311-9F4D-050910F3A258\dismhost.exeC:\Users\Admin\AppData\Local\Temp\DDB44DAD-693B-4311-9F4D-050910F3A258\dismhost.exe {EA90CC2C-7941-48CE-8528-2873CAE39A3C}5⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\dism.exe"C:\Windows\system32\dism.exe" /Online /Enable-Feature /FeatureName:MSMQ-Container /FeatureName:MSMQ-Server /All /NoRestart4⤵
-
C:\Users\Admin\AppData\Local\Temp\EE1B6004-597C-4183-81A2-A52FEF889567\dismhost.exeC:\Users\Admin\AppData\Local\Temp\EE1B6004-597C-4183-81A2-A52FEF889567\dismhost.exe {72B92781-5D4A-488B-9D38-617B029F469B}5⤵
- Executes dropped EXE
-
-
-
C:\Windows\Microsoft.Net\Framework64\v4.0.30319\ServiceModelReg.exe"C:\Windows\Microsoft.Net\Framework64\v4.0.30319\ServiceModelReg.exe" -r4⤵
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding EE3DA9658AEAC481438F4DEC9C5DC7EA E Global\MSI00002⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe/C "C:\Users\Admin\AppData\Local\Temp\{74112358-5FB7-49A0-AD8A-EDB6916A3FAC}.bat"3⤵
-
C:\Windows\SysWOW64\chcp.comchcp 650014⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe/C "C:\Users\Admin\AppData\Local\Temp\{74112358-5FB7-49A0-AD8A-EDB6916A3FAC}.bat"3⤵
-
-
C:\Windows\SysWOW64\cmd.exe/C "C:\Users\Admin\AppData\Local\Temp\{74112358-5FB7-49A0-AD8A-EDB6916A3FAC}.bat"3⤵
-
-
C:\Windows\SysWOW64\cmd.exe/C "C:\Users\Admin\AppData\Local\Temp\{74112358-5FB7-49A0-AD8A-EDB6916A3FAC}.bat"3⤵
-
-
C:\Windows\SysWOW64\cmd.exe/C "C:\Users\Admin\AppData\Local\Temp\{74112358-5FB7-49A0-AD8A-EDB6916A3FAC}.bat"3⤵
-
-
C:\Windows\SysWOW64\cmd.exe/C "C:\Users\Admin\AppData\Local\Temp\{74112358-5FB7-49A0-AD8A-EDB6916A3FAC}.bat"3⤵
-
-
-
C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"C:\Users\Admin\Desktop\BarTender Enterprise 2021 R5 11.2.166048 Multilingual\Setup_x64.exe"1⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
-
C:\Windows\system32\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3044" "1932" "1044" "2188" "0" "0" "2124" "2040" "0" "0" "0" "0"1⤵
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe" -sBARTENDER1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies data under HKEY_USERS
-
C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe" -sBARTENDER1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe" -sBARTENDER1⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
-
C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL12.BARTENDER\MSSQL\Binn\sqlservr.exe" -sBARTENDER1⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2768" "2644" "2536" "2648" "0" "0" "2652" "2656" "0" "0" "0" "0"1⤵
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
Network
-
GEThttps://www.bing.com/bcs/ci/71/es-es.cabRemote address:204.79.197.200:443RequestGET /bcs/ci/71/es-es.cab HTTP/2.0
host: www.bing.com
accept: */*
cookie: SRCHUID=V=2&GUID=FE8A09AB4E0D4E0E9321E164D82256BB&dmnchg=1; SRCHD=AF=NOFORM; SUID=M; SRCHUSR=DOB=20220812; SRCHHPGUSR=SRCHLANG=es&LUT=1660340251276&IPMH=86a43155&IPMID=1660340297393&HV=1664874702; CortanaAppUID=CC49A771AA5D6B619014545D509433FC; MUID=297D349428BA4388ACFAFA4B8D6250A1; _SS=SID=123BA720CB63681211EBB6DECA966987&CBV=30311771&CPID=1660340297765&AC=1&CPH=d0e6f363; _EDGE_S=SID=123BA720CB63681211EBB6DECA966987&mkt=es-es&ui=es-es; MUIDB=297D349428BA4388ACFAFA4B8D6250A1
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: public, max-age=15552000
content-length: 128362
content-type: text/html
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-cache: TCP_HIT
server: Kestrel
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 58C597600DC34497A01F07DEE034C10E Ref B: DUS30EDGE0920 Ref C: 2022-10-04T07:13:15Z
date: Tue, 04 Oct 2022 07:13:14 GMT
-
DNSa-ring-fallback.msedge.netRemote address:8.8.8.8:53Requesta-ring-fallback.msedge.netIN AResponsea-ring-fallback.msedge.netIN CNAMEa-9999.a-dc-msedge.neta-9999.a-dc-msedge.netIN A131.253.33.254
-
GEThttps://a-ring-fallback.msedge.net/apc/trans.gif?e7d04202db896e717c5c6c352ea9f088Remote address:131.253.33.254:443RequestGET /apc/trans.gif?e7d04202db896e717c5c6c352ea9f088 HTTP/2.0
host: a-ring-fallback.msedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: es-ES,es;q=0.5
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif
last-modified: Tue, 10 May 2022 10:41:08 GMT
accept-ranges: bytes
etag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D
access-control-allow-origin: *
access-control-expose-headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName
timing-allow-origin: *
x-content-type-options: nosniff
x-endpoint: LON21r8b
x-frontend: AFD
x-machinename: LON212050704049
x-userhostaddress: 154.61.71.0
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: F09AA258C4B44FEDAA81796FBD3D38E6 Ref B: LON212050704049 Ref C: 2022-10-04T07:13:16Z
date: Tue, 04 Oct 2022 07:13:15 GMT
-
GEThttps://a-ring-fallback.msedge.net/apc/trans.gif?8597164ffdc8cd1af5c1f361b7911cc7Remote address:131.253.33.254:443RequestGET /apc/trans.gif?8597164ffdc8cd1af5c1f361b7911cc7 HTTP/2.0
host: a-ring-fallback.msedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: es-ES,es;q=0.5
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif
last-modified: Tue, 10 May 2022 10:41:08 GMT
accept-ranges: bytes
etag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D
access-control-allow-origin: *
access-control-expose-headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName
timing-allow-origin: *
x-content-type-options: nosniff
x-endpoint: LON21r8b
x-frontend: AFD
x-machinename: LON212050704049
x-userhostaddress: 154.61.71.0
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: A7B087703BAA4FA48FBCE9A4AD4F2280 Ref B: LON212050704049 Ref C: 2022-10-04T07:13:16Z
date: Tue, 04 Oct 2022 07:13:15 GMT
-
DNSow1.res.office365.comRemote address:8.8.8.8:53Requestow1.res.office365.comIN AResponseow1.res.office365.comIN CNAMEow1.res.office365.com.edgekey.netow1.res.office365.com.edgekey.netIN CNAMEe7695.g.akamaiedge.nete7695.g.akamaiedge.netIN A2.16.119.161
-
GEThttps://ow1.res.office365.com/apc/trans.gif?099a9f8af2f63c1dcd6bd5fef0d534b9Remote address:2.16.119.161:443RequestGET /apc/trans.gif?099a9f8af2f63c1dcd6bd5fef0d534b9 HTTP/2.0
host: ow1.res.office365.com
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: es-ES,es;q=0.5
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 43
content-type: image/gif
last-modified: Fri, 16 Feb 2018 22:02:10 GMT
accept-ranges: bytes
x-ms-request-id: b661d682-001e-00cd-39b6-0ec8e7000000
cache-control: max-age=630720000
date: Tue, 04 Oct 2022 07:13:16 GMT
timing-allow-origin: *
access-control-expose-headers: date
access-control-allow-origin: *
-
GEThttps://ow1.res.office365.com/apc/trans.gif?f4dc0a7ab853f05e455c22ffe2495b6fRemote address:2.16.119.161:443RequestGET /apc/trans.gif?f4dc0a7ab853f05e455c22ffe2495b6f HTTP/2.0
host: ow1.res.office365.com
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: es-ES,es;q=0.5
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 43
content-type: image/gif
last-modified: Fri, 16 Feb 2018 22:02:10 GMT
accept-ranges: bytes
x-ms-request-id: b661d682-001e-00cd-39b6-0ec8e7000000
cache-control: max-age=630720000
date: Tue, 04 Oct 2022 07:13:16 GMT
timing-allow-origin: *
access-control-expose-headers: date
access-control-allow-origin: *
-
DNSfp-afd.azureedge.netRemote address:8.8.8.8:53Requestfp-afd.azureedge.netIN AResponsefp-afd.azureedge.netIN CNAMEfp-afd.afd.azureedge.netfp-afd.afd.azureedge.netIN CNAMEfirstparty-azurefd-prod-first.trafficmanager.netfirstparty-azurefd-prod-first.trafficmanager.netIN CNAMEshed.dual-low.part-0039.t-0009.t-msedge.netshed.dual-low.part-0039.t-0009.t-msedge.netIN CNAMEpart-0039.t-0009.t-msedge.netpart-0039.t-0009.t-msedge.netIN A13.107.246.67part-0039.t-0009.t-msedge.netIN A13.107.213.67
-
GEThttps://fp-afd.azureedge.net/apc/trans.gif?885f7775a5aa2c5d8832131b3f724882Remote address:13.107.246.67:443RequestGET /apc/trans.gif?885f7775a5aa2c5d8832131b3f724882 HTTP/2.0
host: fp-afd.azureedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: es-ES,es;q=0.5
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: s-maxage=86400
content-length: 43
content-type: image/gif
last-modified: Tue, 27 Feb 2018 23:48:21 GMT
etag: 0x8D57E3C9594BD94
x-cache: TCP_HIT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cb6c0f6c-001e-0071-5665-d7f981000000
x-ms-version: 2009-09-19
x-ms-meta-cbmodifiedtime: Mon, 08 Feb 2016 20:57:42 GMT
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-CbModifiedTime,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 01d47YwAAAAB4qVHm3YOHS4EqaNVMDRNCQU1TMDRFREdFMTkyMgA4NDU3NTY4ZS1hZjRiLTRmYTAtOGU3MC1mYjUxZDM1ZWNiNGI=
date: Tue, 04 Oct 2022 07:20:52 GMT
-
GEThttps://fp-afd.azureedge.net/apc/trans.gif?1f3e45c18d17a350771de3e737060353Remote address:13.107.246.67:443RequestGET /apc/trans.gif?1f3e45c18d17a350771de3e737060353 HTTP/2.0
host: fp-afd.azureedge.net
referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: es-ES,es;q=0.5
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.2.19041; 10.0.0.0.19041.1288) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
cache-control: s-maxage=86400
content-length: 43
content-type: image/gif
last-modified: Tue, 27 Feb 2018 23:48:21 GMT
etag: 0x8D57E3C9594BD94
x-cache: TCP_HIT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cb6c0f6c-001e-0071-5665-d7f981000000
x-ms-version: 2009-09-19
x-ms-meta-cbmodifiedtime: Mon, 08 Feb 2016 20:57:42 GMT
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-CbModifiedTime,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 01d47YwAAAABO3DAgg4vLTKsbacDT7bv5QU1TMDRFREdFMTkyMgA4NDU3NTY4ZS1hZjRiLTRmYTAtOGU3MC1mYjUxZDM1ZWNiNGI=
date: Tue, 04 Oct 2022 07:20:52 GMT
-
13.89.179.10:443
-
204.79.197.200:443www.bing.comtls
-
8.238.23.254:80 -
8.238.23.254:80
-
8.238.23.254:80
-
204.79.197.200:443www.bing.comtls
-
204.79.197.200:443www.bing.comtls
-
204.79.197.200:443www.bing.comtls
-
204.79.197.200:443www.bing.comtls, https
-
204.79.197.200:443https://www.bing.com/bcs/ci/71/es-es.cabtls, http2
HTTP Request
GET https://www.bing.com/bcs/ci/71/es-es.cabHTTP Response
200 -
131.253.33.254:443https://a-ring-fallback.msedge.net/apc/trans.gif?8597164ffdc8cd1af5c1f361b7911cc7tls, http2
HTTP Request
GET https://a-ring-fallback.msedge.net/apc/trans.gif?e7d04202db896e717c5c6c352ea9f088HTTP Response
200HTTP Request
GET https://a-ring-fallback.msedge.net/apc/trans.gif?8597164ffdc8cd1af5c1f361b7911cc7HTTP Response
200 -
2.16.119.161:443https://ow1.res.office365.com/apc/trans.gif?f4dc0a7ab853f05e455c22ffe2495b6ftls, http2
HTTP Request
GET https://ow1.res.office365.com/apc/trans.gif?099a9f8af2f63c1dcd6bd5fef0d534b9HTTP Response
200HTTP Request
GET https://ow1.res.office365.com/apc/trans.gif?f4dc0a7ab853f05e455c22ffe2495b6fHTTP Response
200 -
13.107.246.67:443https://fp-afd.azureedge.net/apc/trans.gif?1f3e45c18d17a350771de3e737060353tls, http2
HTTP Request
GET https://fp-afd.azureedge.net/apc/trans.gif?885f7775a5aa2c5d8832131b3f724882HTTP Response
200HTTP Request
GET https://fp-afd.azureedge.net/apc/trans.gif?1f3e45c18d17a350771de3e737060353HTTP Response
200 -
204.79.197.200:443www.bing.comtls, https
-
8.8.8.8:53a-ring-fallback.msedge.netdns
DNS Request
a-ring-fallback.msedge.net
DNS Response
131.253.33.254
-
8.8.8.8:53ow1.res.office365.comdns
DNS Request
ow1.res.office365.com
DNS Response
2.16.119.161
-
8.8.8.8:53fp-afd.azureedge.netdns
DNS Request
fp-afd.azureedge.net
DNS Response
13.107.246.6713.107.213.67
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
MD5a96297c0b3816788f2a8f930c6e9dcf4
SHA1307b132d720b1b03ecfb96afa1808fd367ed702b
SHA256fd9fd341073d906645eed1eff1eb53144af5109c73b26a8f9e56de7be82c81ed
SHA5127897427df575d4c22d2980aea40d37b891ed416b101b697b4b161b3ddb5005671c74e34722052d3cc7f9b3f742100db8065eb0a8259ab2ec6fb69282b852c84a
-
Filesize
120KB
MD5a96297c0b3816788f2a8f930c6e9dcf4
SHA1307b132d720b1b03ecfb96afa1808fd367ed702b
SHA256fd9fd341073d906645eed1eff1eb53144af5109c73b26a8f9e56de7be82c81ed
SHA5127897427df575d4c22d2980aea40d37b891ed416b101b697b4b161b3ddb5005671c74e34722052d3cc7f9b3f742100db8065eb0a8259ab2ec6fb69282b852c84a
-
Filesize
194.7MB
MD5cb89850ee9cf83015f30d1df61e97b2a
SHA17ebd4b6e0636cc209ed8bc4ac1c1195459dfbab4
SHA256b8ac3b3c1a2c80ee17c6f8678d6777547477bb726ef7914fac14e2d7f331ba19
SHA512144272199c96c4eab27a3ad18e1995806d6c439dc00222a7b92979bd5343b422663e6421f68720ffae68a91a8bf1a6f207f6f62126678ee6c83c259fdfc77e24
-
Filesize
182KB
MD5fc136d5c16573d1d1a64b0a62b586235
SHA18363d0d80fb25e4ace7b77efcfe119b7675913a1
SHA2565a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf
SHA5120ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427
-
Filesize
182KB
MD5fc136d5c16573d1d1a64b0a62b586235
SHA18363d0d80fb25e4ace7b77efcfe119b7675913a1
SHA2565a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf
SHA5120ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427
-
Filesize
651B
MD500bfeb783aeff425ce898d55718d506d
SHA1aac7a973dc1f9ca7abc529c7ea37ad7eaf491b8f
SHA256d06099ef43eb002055378b1b6d9853f9b1f891ada476932ba575d1f97065a580
SHA5122209d5f4999cb36ebf26c6b8cb3195cc9fc0f0a103f4a28dd77b04605d7c6e79d47d806454c63b8d42bbe32864be7cdb56df3cccf71a6c27fe0b331d8304e1ff
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
780KB
MD55ef8fd841c7b39882d909df4b6806db9
SHA180cdb05c335fa083262dcccf1ee9930dbf60b139
SHA2567f2fdc8e2a4383cc7818c1e5f70a3727179187a03bcb56d7befab165af8f9fa4
SHA512591810d483ed994f5800290117c4b8cfc82177ec7e93bd74c541ef0bb776d286f1820986e30c16cf9e7e9526e3ec500962454403596b3e92bf725498b92dcb3e
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
54KB
MD59793eda103b3ce9cbff0f08e7353e104
SHA1c9808ac631aafb99c1350709c904672ea4dc90f9
SHA256ab0706949eb844f5e283f8b7c9dd6506a16ba3730fb3f764c88b0053e262ddaa
SHA512a8e7912d7cc344e0e98fb3f71cfad16097ad0fc7a418c84231844e35ad663eb00907463cbe07a73507de211058d8d459c18579af5c3f87916b5805fb51169b32
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
372KB
MD53061145ea0c0c8378e3d7e678b54eb51
SHA1432c8f861f196739291b642bb3249b5f08bd5db4
SHA2567da0ced479531d54f6f4d4cb558b154e4585c1ac241815815dc6375887a9195d
SHA512621527bdda9a9c3713c7a5428c1607379493ac22006bfdfe10ba42b177b8864b0435698f6133939672aa2858c6b3a0766445c7a16d5d1acd0aaa6b63f4be94ae
-
Filesize
40KB
MD57ce120ec6246d303dee35292b74b90f2
SHA1cc4a8a188d99c1fa57e7af8709d38031e9630f2c
SHA256db9273aa7f07d249947b1d64b80c7fe57385fb357783c6c48c01dac1b94e1215
SHA5125d6b80a7585bfc7942a019125e872eef4a88bb8ec8141456fee116e05b26711ada5d24f129480a14c6e63ad90b5afcb2b6ba39571ac17b9d5b4213a2f1dd8a80
-
Filesize
40KB
MD57ce120ec6246d303dee35292b74b90f2
SHA1cc4a8a188d99c1fa57e7af8709d38031e9630f2c
SHA256db9273aa7f07d249947b1d64b80c7fe57385fb357783c6c48c01dac1b94e1215
SHA5125d6b80a7585bfc7942a019125e872eef4a88bb8ec8141456fee116e05b26711ada5d24f129480a14c6e63ad90b5afcb2b6ba39571ac17b9d5b4213a2f1dd8a80
-
Filesize
40KB
MD57ce120ec6246d303dee35292b74b90f2
SHA1cc4a8a188d99c1fa57e7af8709d38031e9630f2c
SHA256db9273aa7f07d249947b1d64b80c7fe57385fb357783c6c48c01dac1b94e1215
SHA5125d6b80a7585bfc7942a019125e872eef4a88bb8ec8141456fee116e05b26711ada5d24f129480a14c6e63ad90b5afcb2b6ba39571ac17b9d5b4213a2f1dd8a80
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
525KB
MD51c62521f4ade74fe465aaf61049c3634
SHA1758bd079f98c5f1153213a4c78ee25f89eb64fa6
SHA256ae5544ebfa8d92072562dcc4f3a6b48e77ab1a1e263e8e8dabebf6a627286f9e
SHA5124b58f0216f2dcfff69f3e668d09e21c0c85a7087a01621f43a787344afcf31d05644b9374b2ee4719b2ede0019d88083104f7a8122409c1ea961a9c5016262fd
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
376KB
MD5c39daeba173815516c180ca4361f7895
SHA1db3ae54329834baa954569a35be5b947c86dc25e
SHA256a34bd87a23349bd52b8b0f25154235b90b698986c8849e101b7e40d11d48e4dc
SHA512e13cd98647059657355a69917898cdecdfc0b8da91036de1c030d20a4c5c1aacc06cd4d54fac65ecf1c8c44527dbba3c545f588260af1a0104b445e3f21ca929
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
834KB
MD5b0b2090c4200fb19e335598969a40f26
SHA1e31d5533f85ef03dd8eb21723df14ff71586bb60
SHA256e16ce1f8a1b24d03353502af35fa159ab9962b4ecce8f3bb9dd4b075552505cd
SHA512177dad69d6773dab432a39a91f113949573caa3f3513e1e79361e9d74efe813746bd25a9101ec6436be7476cd77b663102d7ee138a01afbc902738e3ad75fce2
-
Filesize
182KB
MD5fc136d5c16573d1d1a64b0a62b586235
SHA18363d0d80fb25e4ace7b77efcfe119b7675913a1
SHA2565a12236a02ba2984b62d7acfe5afb048e461fc4c76989d055ffe8965f212ebbf
SHA5120ad82e28de1a65251eb536aef9739a76baaaa28a41dae78faacb82a9d1acd83d71816051dec16b7664e16a741706803d1fc0ad914bcdca4d28cb2ac2a05ff427
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
763.6MB
MD5143d94d5593d64dfd6f5ba8d15137413
SHA143af1f03e1dae86f0208369385fb0af8a487ffb9
SHA2560c575035b464a7d2f62e71a164e82ad3cd4ef694aeb27fbeef1c27f86aa648ce
SHA5121a9894c3ace38aff436211f80836b1153c9a04f095115f114bccd6db2c55b04dd207ca89f2c835005a2be6861bd68291113ecc66de75e9d1da995d46c2f7f455
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.2MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
20KB
-
Filesize
10.2MB
-
Filesize
20KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
10.2MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.2MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
380KB
-
Filesize
48KB
-
Filesize
40KB
-
Filesize
88KB
-
Filesize
88KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
392KB
-
Filesize
392KB
-
Filesize
56KB
-
Filesize
472KB
-
Filesize
256KB
-
Filesize
40KB
-
Filesize
40KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
160KB
-
Filesize
688KB
-
Filesize
688KB
-
Filesize
584KB
-
Filesize
584KB
-
Filesize
48KB
-
Filesize
48KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
200KB
-
Filesize
208KB
-
Filesize
208KB
-
Filesize
144KB
-
Filesize
144KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
592KB
-
Filesize
592KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.7MB
-
Filesize
10.2MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
1.0MB
-
Filesize
10.8MB
-
Filesize
184KB
-
Filesize
10.8MB
-
Filesize
72KB
-
Filesize
376KB