Analysis
-
max time kernel
151s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
03/10/2022, 18:43
General
-
Target
ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exe
-
Size
442KB
-
MD5
67745e5268513ec80e8c56f95fe9e340
-
SHA1
44e40f02fa8a0dee253585127d5ac8d6c21ba2b5
-
SHA256
ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4
-
SHA512
4dfed708a9d1e0a10d949a35a78ef74e826c0c1431628a7ab2bf9d3072c3be14d056e6ab36acb0e5bb199812355db8816e39c071b5672ec6ec91738110237bb6
-
SSDEEP
12288:I+oxj7Ch3Z5OV1qUC9QBAZNxeIZMorCaD1:I+o9qJ5OO6KZNxeIZMorCO
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Executes dropped EXE 3 IoCs
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exe"C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\QugogoAU\bmIwQsog.exe"C:\Users\Admin\QugogoAU\bmIwQsog.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\ProgramData\dAUUgEYU\rIYIIgAk.exe"C:\ProgramData\dAUUgEYU\rIYIIgAk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c43⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c45⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c47⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c49⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"10⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c411⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"12⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c413⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"14⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c415⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"16⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c417⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"18⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c419⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"20⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c421⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"22⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c423⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"24⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c425⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"26⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c427⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"28⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c429⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"30⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c431⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"32⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c433⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"34⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c435⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"36⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c437⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"38⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c439⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"40⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c441⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"42⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c443⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"44⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c445⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"46⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c447⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"48⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c449⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"50⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c451⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"52⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c453⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"54⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c455⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"56⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c457⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"58⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c459⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"60⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c461⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"62⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c463⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"64⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c465⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"66⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c467⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"68⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c469⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"70⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c471⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"72⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c473⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"74⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c475⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"76⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c477⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"78⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c479⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"80⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c481⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"82⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c483⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"84⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c485⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"86⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c487⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"88⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c489⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"90⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c491⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"92⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c493⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"94⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c495⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"96⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c497⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"98⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c499⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"100⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"102⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"104⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"106⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"108⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"110⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"112⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"114⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"116⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"118⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4"120⤵
-
C:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4.exeC:\Users\Admin\AppData\Local\Temp\ac3bcb42500dae24834b7b3460a102b3df58b0d9664b4cefb3d2584b74fdf0c4121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-