Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
30/10/2022, 16:49
General
-
Target
5f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f.exe
-
Size
69KB
-
MD5
540125e84c96beae4f4508555d81a940
-
SHA1
206da5a201a1c1523178391d6f433e48e99dc747
-
SHA256
5f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
-
SHA512
1163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
SSDEEP
1536:vyqrQrFUH+HtWXiaAkc//////4KCwo0icTpXbPLqA89hAILaqN:xqOHjyAc//////jCwo0icTt/q7iqN
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Modifies Installed Components in the registry 2 TTPs 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f.exe"C:\Users\Admin\AppData\Local\Temp\5f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f.exe"1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f3⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_deleteme.bat2⤵
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f4⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f4⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f5⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f5⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f6⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f6⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f7⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f7⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat7⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f8⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f8⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat8⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f9⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f9⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat9⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f10⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f10⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat10⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f11⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f11⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat11⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f12⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f12⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f13⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f13⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat13⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f14⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f14⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat14⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f15⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f15⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat15⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f16⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f16⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat16⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f17⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f17⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe16⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat17⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f18⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f18⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat18⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f19⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f19⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat19⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f20⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f20⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat20⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f21⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f21⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat21⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f22⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f22⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe21⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat22⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f23⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f23⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat23⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f24⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f24⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe23⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat24⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f25⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f25⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe24⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat25⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f26⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f26⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat26⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f27⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f27⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe26⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat27⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f28⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f28⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe27⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat28⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f29⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f29⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe28⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat29⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f30⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f30⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe29⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat30⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f31⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f31⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe30⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat31⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f32⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f32⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe31⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat32⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f33⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f33⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe32⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat33⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f34⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f34⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat34⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f35⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f35⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat35⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f36⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f36⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe35⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat36⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f37⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f37⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe36⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat37⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f38⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f38⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat38⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f39⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f39⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat39⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f40⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f40⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat40⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f41⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f41⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat41⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f42⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f42⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat42⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f43⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f43⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe42⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat43⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f44⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f44⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat44⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f45⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f45⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe44⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat45⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f46⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f46⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe45⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat46⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f47⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f47⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe46⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat47⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f48⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f48⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat48⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f49⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f49⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe48⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat49⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f50⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f50⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat50⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f51⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f51⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat51⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f52⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f52⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe51⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat52⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f53⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f53⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat53⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f54⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f54⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat54⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f55⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f55⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat55⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f56⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f56⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat56⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f57⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f57⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat57⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f58⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f58⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat58⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f59⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f59⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat59⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f60⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f60⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat60⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f61⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f61⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe60⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat61⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f62⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f62⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe61⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat62⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f63⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f63⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat63⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f64⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f64⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat64⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f65⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f65⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe64⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat65⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f66⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f66⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat66⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f67⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f67⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat67⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f68⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f68⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe67⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat68⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f69⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f69⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe68⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat69⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f70⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f70⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe69⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat70⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f71⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f71⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat71⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f72⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f72⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe71⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat72⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f73⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f73⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat73⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f74⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f74⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat74⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f75⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f75⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe74⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat75⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f76⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f76⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe75⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat76⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f77⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f77⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat77⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f78⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f78⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe77⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat78⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f79⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f79⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe78⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat79⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f80⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f80⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe79⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat80⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f81⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f81⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe80⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat81⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f82⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f82⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe81⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat82⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f83⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f83⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe82⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat83⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f84⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f84⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe83⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat84⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f85⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f85⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe84⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat85⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f86⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f86⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe85⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat86⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f87⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f87⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe86⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat87⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f88⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f88⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe87⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat88⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f89⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f89⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe88⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat89⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f90⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f90⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat90⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f91⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f91⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe90⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat91⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f92⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f92⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe91⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat92⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f93⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f93⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat93⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f94⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f94⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe93⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat94⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f95⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f95⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat95⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f96⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f96⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe95⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat96⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f97⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f97⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe96⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat97⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f98⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f98⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe97⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat98⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f99⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f99⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat99⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f100⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f100⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe99⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat100⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f101⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f101⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe100⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat101⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f102⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f102⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe101⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat102⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f103⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f103⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe102⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat103⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f104⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f104⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat104⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f105⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f105⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe104⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat105⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f106⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f106⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat106⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f107⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f107⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe106⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat107⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f108⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f108⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe107⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat108⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f109⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f109⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe108⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat109⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f110⤵
- Modifies Installed Components in the registry
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f110⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat110⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f111⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f111⤵
-
-
-
C:\Windows\SysWOW64\capisp.exeC:\Windows\system32\capisp.exe110⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat111⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\capisp.exe /i" /f112⤵
-
-
C:\Windows\SysWOW64\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{VSIZ223X-50H6-3RXJ-CP6E-TS2OC16AEP60}" /f112⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
352B
MD5f8d7e2c786fd1c34b7d389148bef3219
SHA1d0c8fdd64bbe70a371bfe572c34bf080626f8aae
SHA25650cf8e8c9f5153916c560bb41237d7c150d438a19eebebeb0f7a9072a0720851
SHA512f3b25d231e8df1922cc12ea62ea3b28e5c86e0ad179815bfbc3924c4a3b14e9cb1e882156783ca9e5b2ccf441086b5737bfd42541b78e17b47412c6996ead0d3
-
Filesize
248B
MD58ffbfd8f8ea38902d2d9314890593a98
SHA1f0f7147c762b5a67f30dbe649df3b01eaefa435a
SHA2568c1f5c353df8538bcee24b5701debe453b07db27974d13db875f94d6f16f42c9
SHA512ac2a980bb9ea52b29277ec976a4ac8f03f08c557a6827d14929356ad721607148cdeacbbac098ce0d7d72c92211dcdae5fe18eaa2641db90bae60a443b567ad1
-
Filesize
930B
MD5568a2ade7830dc460649c69287b34257
SHA13edcfdf1ad3f1e2bb7ca0f8855b930401ba2addf
SHA256c9661e7406932034f1540f9f40e349582e10a56f9fd2f43f76e4ebf324a406d7
SHA51209c4297986551ea4fa9de8a44e61974372aacf25123a6f47ba720d14b19bf75099c93eb3558cf79cd9a054920db7d37451ceb705b77b5a96d12f00dfe04093e9
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082
-
Filesize
69KB
MD5540125e84c96beae4f4508555d81a940
SHA1206da5a201a1c1523178391d6f433e48e99dc747
SHA2565f33146174766292f9bcadb29a4d62ec82e161101bdc26287b97ce8237c9be1f
SHA5121163816ae2c39128d2c08ae20fb7758b8b7b501e4c9dfcc7822ea58c417a0701d25f9c4592120223ed3283d17f616606634795120c592203f1a2fb354ef71082