Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
167s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
20/10/2022, 12:06
General
-
Target
15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exe
-
Size
494KB
-
MD5
963383bf67029c42d33c0c98fc1c0860
-
SHA1
78b0b4ab6f19ddd86965169fb387a470b52415f7
-
SHA256
15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b
-
SHA512
6d3bed1bde87dfba0d43eeebe8722b00e6c235d28f1810b7c65eaaa6ab7ff876569d0d6353c93ca4f040b57c17f8de9ddeb553a7f91581701c2bd797e02f8ec0
-
SSDEEP
12288:eOiR3CeCMyLcQNTl0xNLQVNA6Q42Ip3mbUeUlO02lUZG:eOEyLuxaV1vp3N2H
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Executes dropped EXE 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exe"C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exe"1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AecQgUoE\vowgQsgs.exe"C:\Users\Admin\AecQgUoE\vowgQsgs.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of FindShellTrayWindow
-
-
C:\ProgramData\ccYIwccU\LAkAogoA.exe"C:\ProgramData\ccYIwccU\LAkAogoA.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"8⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b9⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"10⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"12⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b13⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"14⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"16⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b17⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"18⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b19⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"20⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b21⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"22⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"24⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b25⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"26⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b27⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"28⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b29⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"30⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b31⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"32⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b33⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"34⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b35⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"36⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b37⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"38⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b39⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"40⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b41⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"42⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b43⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"44⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b45⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"46⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b47⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"48⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b49⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"50⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b51⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"52⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b53⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"54⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b55⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"56⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b57⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"58⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b59⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"60⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b61⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"62⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b63⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"64⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b65⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"66⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"68⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"70⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"72⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b73⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"74⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"76⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b77⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"78⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b79⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"80⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"82⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b83⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"84⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b85⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"86⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"88⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b89⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"90⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b91⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"92⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"94⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"96⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b97⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"98⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"100⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"102⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"104⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"106⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"108⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"110⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"112⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"114⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"116⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"118⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b"120⤵
-
C:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b.exeC:\Users\Admin\AppData\Local\Temp\15b530a4f4a309ae537873ef1317476c788d1222a3b4cf4b3f6e3aa3e60bbc7b121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-