Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
188s -
max time network
192s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
20/10/2022, 12:03
General
-
Target
b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe
-
Size
439KB
-
MD5
42526338eba2dea6bbe3e733cca203d0
-
SHA1
ef858b005e62f3200c9cbf71ad4fd3e9fc18e77b
-
SHA256
b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f
-
SHA512
d964d83eeb99031f1ee6cbcc6098b388aedf6bae26c3c1d78d4431924faea174e78f67d79d53dd6960f69091ffc9bbb657c0280da6f5641f7cf082c287c17ec1
-
SSDEEP
12288:WwYIGAYrF06GhThvMikc/5cv7K3LJx9ahDFXyGCrHV:WwYIGA3ThLLmKd7ahMGCrH
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Executes dropped EXE 3 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Checks whether UAC is enabled 1 TTPs 6 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe"C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\hiQEIUIo\PkAAwMsw.exe"C:\Users\Admin\hiQEIUIo\PkAAwMsw.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\ProgramData\QoocYQcQ\dGkQwgoY.exe"C:\ProgramData\QoocYQcQ\dGkQwgoY.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeYQoAkk.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\ProgramData\FIAcIQUc\ugogcwEY.exeC:\ProgramData\FIAcIQUc\ugogcwEY.exe1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DScUoQIo.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mWkwQQoU.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"5⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f6⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"7⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f8⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"9⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f10⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"11⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f12⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 113⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dKQMIMUE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""13⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs14⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f13⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 213⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"13⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 111⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f11⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 211⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkgcQYgQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""11⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 19⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 29⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hMsAUsMo.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""9⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs10⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f9⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 17⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 27⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f7⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dOoYssQU.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""7⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs8⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs8⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 15⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 25⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f5⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWosUgEg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""5⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs6⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iWEUkIsg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f5⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CoEsEUgo.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oQcAcocA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\besIsEcs.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
- Checks whether UAC is enabled
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f4⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYQAAQMw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""5⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs6⤵
-
-
-
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HioMUoYM.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TCAsEEQs.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waosUAMA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yIMYsYUU.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LeUMwwoQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcwoIEAY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""5⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs6⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fysQkMcE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"6⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"8⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"10⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"12⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f13⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"14⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f15⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"16⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f17⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"18⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f19⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"20⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f21⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"22⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f23⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 122⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f22⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 223⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 123⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"23⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DsUUIQIk.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""23⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs24⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CokUAoAg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""20⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs21⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f20⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 220⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 120⤵
- Modifies visibility of file extensions in Explorer
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\buksYgws.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""18⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs19⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f18⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 218⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 118⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 116⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f16⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 216⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RegMkQII.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 114⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 214⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f14⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f15⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ywAgoEAY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""16⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs17⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dQMQcQcE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""14⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs15⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 112⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f12⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 212⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wCMAwsIg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 110⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 210⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqoUcgoM.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""10⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs11⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYgkwQMw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""12⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs13⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f10⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 18⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f8⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 28⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dsEIoIkY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"7⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f8⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f7⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 27⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 17⤵
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGgcwkEA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MckEEIgg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qEkwEwEc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LCAkwUos.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vMwMQwwc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGsokIAE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uYowcYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VqAwIEkc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VoIwgQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cqkMYgUU.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"6⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XMUEwksw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""8⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs9⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yIAMkIYM.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""6⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkQQQIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- UAC bypass
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tIYUQAMA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FiEYUkAY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PQowYgQg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lQsAQMok.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QSsIoUUw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSYQwMAk.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kWUEcAQg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dGMcogQg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yOggEMcE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IAkUMYoc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAswcYoc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqgoUAsw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JSQQoEAY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOgMQQMw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
- Modifies visibility of file extensions in Explorer
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cecoAkME.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f4⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYoIAkME.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQAwoUEM.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gWAUIAcM.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f2⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f3⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 23⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FCAUAUYI.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 13⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hGYIwQgw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""3⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs4⤵
-
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
- UAC bypass
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f5⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f6⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 16⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"6⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nwoMcAQg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""6⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs7⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zqIgMcAM.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mYQMwswE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
- UAC bypass
- Checks whether UAC is enabled
- System policy modification
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iqgYogkg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZOgckswA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""4⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs5⤵
-
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gyAskQMs.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSwUkIcU.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyMUgQQA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- UAC bypass
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"4⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f5⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 26⤵
- Modifies registry key
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f4⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 24⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 14⤵
-
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wskYAgEw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cwYoAEIo.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QagYEEck.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZuoUkggQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TUYMIkgw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
- Checks whether UAC is enabled
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bykokoMk.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- UAC bypass
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\beEoAoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rKkswswE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\paQUIgQg.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tYowUEME.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lkEMcYUc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YYgIgQMw.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IgYkcMss.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nGsAIEAY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QIsAQscE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IecAcYoc.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bwQUUYIU.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f2⤵
- UAC bypass
- Modifies registry key
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 22⤵
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 12⤵
- Modifies visibility of file extensions in Explorer
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gOosgscE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uocsgscE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DMQkUMcE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQUQoEMA.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs2⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZqokAscE.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- UAC bypass
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 21⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QeUQUkAY.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f"1⤵
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQgcIYsk.bat" "C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exe""2⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f.exeC:\Users\Admin\AppData\Local\Temp\b8bcf7f99b2403289f47c07a9103c9dbf8c8f3d797eb3c1f3f0dcfb193f0267f1⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f1⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\reg.exereg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 11⤵
- Modifies visibility of file extensions in Explorer
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
-
C:\Windows\SysWOW64\cscript.execscript C:\Users\Admin\AppData\Local\Temp/file.vbs1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
432KB
MD5958b3f96bbe3340fb887da87f253c7e2
SHA1f008570eb368d0ae2a0a9b18ea97c91373ae7110
SHA2560ae51ef08bef0a0703e90e3c1c9cf07dbe4aa2c8558389d73e570572348ca4e4
SHA51298879794faf02a9bd73d0cae520174b830cf3ac413323c97384c9c83ce4f9c806f4968a3ad75675ac698b02b35d2c219a469f601ac5d189876b7dd75ae5911bd
-
Filesize
432KB
MD5958b3f96bbe3340fb887da87f253c7e2
SHA1f008570eb368d0ae2a0a9b18ea97c91373ae7110
SHA2560ae51ef08bef0a0703e90e3c1c9cf07dbe4aa2c8558389d73e570572348ca4e4
SHA51298879794faf02a9bd73d0cae520174b830cf3ac413323c97384c9c83ce4f9c806f4968a3ad75675ac698b02b35d2c219a469f601ac5d189876b7dd75ae5911bd
-
Filesize
431KB
MD51fccaf84574aa2abb376307d415194ae
SHA1d72131118eca39f1904d27ee5908a2a9de034131
SHA2561b4c863e5e540b81e7cb753377bb6d7f90cbc7da0cf76e41d798b9fd3af5cff8
SHA51241ff05629c34537dcd6277fd6e5c72bce5f43abc4ab9140b43b7c4e65d6ea54d5f8ca623318f3fe10b8adc234e30a4621bdc3defd83c363d4e8f4d99f6cced64
-
Filesize
431KB
MD51fccaf84574aa2abb376307d415194ae
SHA1d72131118eca39f1904d27ee5908a2a9de034131
SHA2561b4c863e5e540b81e7cb753377bb6d7f90cbc7da0cf76e41d798b9fd3af5cff8
SHA51241ff05629c34537dcd6277fd6e5c72bce5f43abc4ab9140b43b7c4e65d6ea54d5f8ca623318f3fe10b8adc234e30a4621bdc3defd83c363d4e8f4d99f6cced64
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
6KB
MD52cfa6796fc3ef55c4c52c89ffee69a01
SHA127f7ec659a880adc68377806cfed8a19a83d7a19
SHA25601d3f4fcf587946f892683a96fe4417b877cf8e6ff40ec63c769d5133364d5cd
SHA51268b90ed4f4bcccb864a60e89489b6a11812c229e3b04b4ee526f4f0a0ed434883b1ed0d241e7098143b172795761fc6e0af1ae07155abb7c9ca24c3d979cd610
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
19B
MD54afb5c4527091738faf9cd4addf9d34e
SHA1170ba9d866894c1b109b62649b1893eb90350459
SHA25659d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA51216d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
112B
MD5bae1095f340720d965898063fede1273
SHA1455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA5124e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024
-
Filesize
434KB
MD5e3a1ffbcd378ba5627dc430fe79aca8a
SHA1b5e2bbfec82892d54757a742f0ce08206817754b
SHA256d61e9c97ef54eeb9fe88c18e87b97a0d07b350afef0a5b3213743e090170d8d1
SHA512c7a404dd2731ea66e9a4f192deaeba960dbcd43a963de4ecee6cd0532bf52841617fa83ebe3379744a3f36bde55e9ba1b241dc0167ae122315c05996b9195392
-
Filesize
434KB
MD5e3a1ffbcd378ba5627dc430fe79aca8a
SHA1b5e2bbfec82892d54757a742f0ce08206817754b
SHA256d61e9c97ef54eeb9fe88c18e87b97a0d07b350afef0a5b3213743e090170d8d1
SHA512c7a404dd2731ea66e9a4f192deaeba960dbcd43a963de4ecee6cd0532bf52841617fa83ebe3379744a3f36bde55e9ba1b241dc0167ae122315c05996b9195392
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
444KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
444KB
-
Filesize
444KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
444KB
-
Filesize
444KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB
-
Filesize
456KB