Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
165s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
21/11/2022, 09:23
General
-
Target
4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exe
-
Size
441KB
-
MD5
10adc0d375801678dcfc3852d68d8840
-
SHA1
bf3e1a50a100f54a066fb2324f61f07e7efb4588
-
SHA256
4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361
-
SHA512
1c9e308c77df3080bb335065d363955d9e23bf06a7b11e31b2e551d576320aa3bc386aa70c159cdabb142e4bc635cc7fafc793e3b0e46c629f33e1a291eba78b
-
SSDEEP
12288:9WR1NHSYCWIYWkPkpi2bW2mJhrpmKAUKu59p2Z9anP:9Wb1SYCWIYWkPciFx1mKRhLW9aP
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Executes dropped EXE 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Drops file in System32 directory 12 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exe"C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\JsUAkEIk\pQcUcwkY.exe"C:\Users\Admin\JsUAkEIk\pQcUcwkY.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
-
C:\ProgramData\IUEcYEww\tCocwIso.exe"C:\ProgramData\IUEcYEww\tCocwIso.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e3613⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e3615⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"6⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e3617⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e3619⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"10⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36111⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"12⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36113⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"14⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36115⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"16⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36117⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"18⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36119⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"20⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36121⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"22⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36123⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"24⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36125⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"26⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36127⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"28⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36129⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"30⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36131⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"32⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36133⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"34⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36135⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"36⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36137⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"38⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36139⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"40⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36141⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"42⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36143⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"44⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36145⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"46⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36147⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"48⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36149⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"50⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36151⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"52⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36153⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"54⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36155⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"56⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36157⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"58⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36159⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"60⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36161⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"62⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36163⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"64⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36165⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"66⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36167⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"68⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36169⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"70⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36171⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"72⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36173⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"74⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36175⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"76⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36177⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"78⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36179⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"80⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36181⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"82⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36183⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"84⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36185⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"86⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36187⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"88⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36189⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"90⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36191⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"92⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36193⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"94⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36195⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"96⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36197⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"98⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e36199⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"100⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361101⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"102⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361103⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"104⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361105⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"106⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361107⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"108⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361109⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"110⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361111⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"112⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361113⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"114⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361115⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"116⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361117⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"118⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361119⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361"120⤵
-
C:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361.exeC:\Users\Admin\AppData\Local\Temp\4b614ec4ba2277791c94c64eeb80151fbb65ec7dc8083333749d9891fed6e361121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-