8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

Analysis

max time kernel
179s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
Size

77KB
MD5

6ee180ec425d02262f678b9406b7347a
SHA1

c83df66131b5add17db1a182b9b11e0e0648b5da
SHA256

8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b
SHA512

7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa
SSDEEP

1536:HyqrQrFUH+HtWXiaAkc//////4KCCai/iZ72rHp/pOiqms1zLaqO0+SsNQM:pqOHjyAc//////jCCLi+Jz1Gaq4SsNd

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4332	cdosys.exe
944	cdosys.exe
2228	cdosys.exe
1344	cdosys.exe
3504	cdosys.exe
1000	cdosys.exe
5040	cdosys.exe
1440	cdosys.exe
4240	cdosys.exe
1472	cdosys.exe
4316	cdosys.exe
4452	cdosys.exe
308	cdosys.exe
3544	cdosys.exe
4652	cdosys.exe
2124	cdosys.exe
1344	cdosys.exe
3200	cdosys.exe
4216	cdosys.exe
4228	cdosys.exe
3612	cdosys.exe
3480	cdosys.exe
4240	cdosys.exe
1240	cdosys.exe
3344	cdosys.exe
2632	cdosys.exe
3752	cdosys.exe
1120	cdosys.exe
3196	cdosys.exe
4436	cdosys.exe
3440	cdosys.exe
3712	cdosys.exe
3992	cdosys.exe
3500	cdosys.exe
4064	cdosys.exe
2968	cdosys.exe
760	cdosys.exe
3344	cdosys.exe
3132	cdosys.exe
3528	cdosys.exe
3248	cdosys.exe
2100	cdosys.exe
2636	cdosys.exe
1196	cdosys.exe
2204	cdosys.exe
4844	cdosys.exe
4564	cdosys.exe
4396	cdosys.exe
3760	cdosys.exe
4460	cdosys.exe
3132	cdosys.exe
3468	cdosys.exe
2976	cdosys.exe
2648	cdosys.exe
2560	cdosys.exe
1540	cdosys.exe
4180	cdosys.exe
1332	cdosys.exe
4196	cdosys.exe
1004	cdosys.exe
4444	cdosys.exe
1772	cdosys.exe
4348	cdosys.exe
3968	cdosys.exe

Modifies Installed Components in the registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}\StubPath = "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\system32\\cdosys.exe /i"	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}	reg.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File opened for modification	C:\Windows\SysWOW64\cdosys.exe	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\c_l0599.nls	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
File created	C:\Windows\SysWOW64\cdosys.exe	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File opened for modification	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe
File created	C:\Windows\SysWOW64\_Setup.bat	cdosys.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
4332	cdosys.exe
4332	cdosys.exe
944	cdosys.exe
944	cdosys.exe
2228	cdosys.exe
2228	cdosys.exe
1344	cdosys.exe
1344	cdosys.exe
3504	cdosys.exe
3504	cdosys.exe
1000	cdosys.exe
1000	cdosys.exe
5040	cdosys.exe
5040	cdosys.exe
1440	cdosys.exe
1440	cdosys.exe
4240	cdosys.exe
4240	cdosys.exe
1472	cdosys.exe
1472	cdosys.exe
4316	cdosys.exe
4316	cdosys.exe
4452	cdosys.exe
4452	cdosys.exe
308	cdosys.exe
308	cdosys.exe
3544	cdosys.exe
3544	cdosys.exe
4652	cdosys.exe
4652	cdosys.exe
2124	cdosys.exe
2124	cdosys.exe
1344	cdosys.exe
1344	cdosys.exe
3200	cdosys.exe
3200	cdosys.exe
4216	cdosys.exe
4216	cdosys.exe
4228	cdosys.exe
4228	cdosys.exe
3612	cdosys.exe
3612	cdosys.exe
3480	cdosys.exe
3480	cdosys.exe
4240	cdosys.exe
4240	cdosys.exe
1240	cdosys.exe
1240	cdosys.exe
3344	cdosys.exe
3344	cdosys.exe
2632	cdosys.exe
2632	cdosys.exe
3752	cdosys.exe
3752	cdosys.exe
1120	cdosys.exe
1120	cdosys.exe
3196	cdosys.exe
3196	cdosys.exe
4436	cdosys.exe
4436	cdosys.exe
3440	cdosys.exe
3440	cdosys.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2968	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	86
PID 2652 wrote to memory of 2968	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	86
PID 2652 wrote to memory of 2968	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	86
PID 2968 wrote to memory of 2952	2968	cmd.exe	88
PID 2968 wrote to memory of 2952	2968	cmd.exe	88
PID 2968 wrote to memory of 2952	2968	cmd.exe	88
PID 2968 wrote to memory of 1888	2968	cmd.exe	89
PID 2968 wrote to memory of 1888	2968	cmd.exe	89
PID 2968 wrote to memory of 1888	2968	cmd.exe	89
PID 2652 wrote to memory of 4548	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	90
PID 2652 wrote to memory of 4548	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	90
PID 2652 wrote to memory of 4548	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	90
PID 2652 wrote to memory of 4332	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	92
PID 2652 wrote to memory of 4332	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	92
PID 2652 wrote to memory of 4332	2652	8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe	92
PID 4332 wrote to memory of 3968	4332	cdosys.exe	93
PID 4332 wrote to memory of 3968	4332	cdosys.exe	93
PID 4332 wrote to memory of 3968	4332	cdosys.exe	93
PID 3968 wrote to memory of 3544	3968	cmd.exe	95
PID 3968 wrote to memory of 3544	3968	cmd.exe	95
PID 3968 wrote to memory of 3544	3968	cmd.exe	95
PID 3968 wrote to memory of 3196	3968	cmd.exe	96
PID 3968 wrote to memory of 3196	3968	cmd.exe	96
PID 3968 wrote to memory of 3196	3968	cmd.exe	96
PID 4332 wrote to memory of 944	4332	cdosys.exe	97
PID 4332 wrote to memory of 944	4332	cdosys.exe	97
PID 4332 wrote to memory of 944	4332	cdosys.exe	97
PID 944 wrote to memory of 4592	944	cdosys.exe	98
PID 944 wrote to memory of 4592	944	cdosys.exe	98
PID 944 wrote to memory of 4592	944	cdosys.exe	98
PID 4592 wrote to memory of 1488	4592	cmd.exe	100
PID 4592 wrote to memory of 1488	4592	cmd.exe	100
PID 4592 wrote to memory of 1488	4592	cmd.exe	100
PID 4592 wrote to memory of 5108	4592	cmd.exe	101
PID 4592 wrote to memory of 5108	4592	cmd.exe	101
PID 4592 wrote to memory of 5108	4592	cmd.exe	101
PID 944 wrote to memory of 2228	944	cdosys.exe	102
PID 944 wrote to memory of 2228	944	cdosys.exe	102
PID 944 wrote to memory of 2228	944	cdosys.exe	102
PID 2228 wrote to memory of 776	2228	cdosys.exe	103
PID 2228 wrote to memory of 776	2228	cdosys.exe	103
PID 2228 wrote to memory of 776	2228	cdosys.exe	103
PID 776 wrote to memory of 4436	776	cmd.exe	105
PID 776 wrote to memory of 4436	776	cmd.exe	105
PID 776 wrote to memory of 4436	776	cmd.exe	105
PID 776 wrote to memory of 1328	776	cmd.exe	106
PID 776 wrote to memory of 1328	776	cmd.exe	106
PID 776 wrote to memory of 1328	776	cmd.exe	106
PID 2228 wrote to memory of 1344	2228	cdosys.exe	107
PID 2228 wrote to memory of 1344	2228	cdosys.exe	107
PID 2228 wrote to memory of 1344	2228	cdosys.exe	107
PID 1344 wrote to memory of 2248	1344	cdosys.exe	108
PID 1344 wrote to memory of 2248	1344	cdosys.exe	108
PID 1344 wrote to memory of 2248	1344	cdosys.exe	108
PID 2248 wrote to memory of 2768	2248	cmd.exe	110
PID 2248 wrote to memory of 2768	2248	cmd.exe	110
PID 2248 wrote to memory of 2768	2248	cmd.exe	110
PID 2248 wrote to memory of 3560	2248	cmd.exe	111
PID 2248 wrote to memory of 3560	2248	cmd.exe	111
PID 2248 wrote to memory of 3560	2248	cmd.exe	111
PID 1344 wrote to memory of 3504	1344	cdosys.exe	112
PID 1344 wrote to memory of 3504	1344	cdosys.exe	112
PID 1344 wrote to memory of 3504	1344	cdosys.exe	112
PID 3504 wrote to memory of 8	3504	cdosys.exe	113

C:\Users\Admin\AppData\Local\Temp\8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe
"C:\Users\Admin\AppData\Local\Temp\8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
    3⤵
    PID:2952
- - C:\Windows\SysWOW64\reg.exe
    reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
    3⤵
    PID:1888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\_deleteme.bat
  2⤵
  PID:4548
- C:\Windows\SysWOW64\cdosys.exe
  C:\Windows\system32\cdosys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3968
  - - C:\Windows\SysWOW64\reg.exe
      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
      4⤵
      Modifies Installed Components in the registry
      PID:3544
  - - C:\Windows\SysWOW64\reg.exe
      reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
      4⤵
      PID:3196
- - C:\Windows\SysWOW64\cdosys.exe
    C:\Windows\system32\cdosys.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:944
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4592
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        5⤵
        Modifies Installed Components in the registry
        
        PID:1488
    - - C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        5⤵
        
        PID:5108
  - - C:\Windows\SysWOW64\cdosys.exe
      C:\Windows\system32\cdosys.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2228
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:776
      - C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        6⤵
        Modifies Installed Components in the registry
        
        PID:4436
      - C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        6⤵
        
        PID:1328
    - - C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1344
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2248
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        7⤵
        Modifies Installed Components in the registry
        
        PID:2768
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        7⤵
        
        PID:3560
      - C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3504
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        7⤵
        
        PID:8
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        8⤵
        Modifies Installed Components in the registry
        
        PID:5096
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        8⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1000
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        9⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        9⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        9⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        10⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        10⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        10⤵
        
        PID:664
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        11⤵
        Modifies Installed Components in the registry
        
        PID:2884
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        11⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        11⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        12⤵
        Modifies Installed Components in the registry
        
        PID:4300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        12⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        12⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        13⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        13⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4316
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        13⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        14⤵
        Modifies Installed Components in the registry
        
        PID:4080
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        14⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        14⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        15⤵
        Modifies Installed Components in the registry
        
        PID:548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        15⤵
        
        PID:208
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:308
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        15⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        16⤵
        Modifies Installed Components in the registry
        
        PID:4548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        16⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        15⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        16⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        17⤵
        Modifies Installed Components in the registry
        
        PID:2820
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        17⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4652
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        17⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        18⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        18⤵
        
        PID:776
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2124
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        18⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        19⤵
        Modifies Installed Components in the registry
        
        PID:2900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        19⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        19⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        20⤵
        Modifies Installed Components in the registry
        
        PID:2008
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        20⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        19⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        20⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        21⤵
        Modifies Installed Components in the registry
        
        PID:4588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        21⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4216
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        21⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        22⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        22⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        22⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        23⤵
        Modifies Installed Components in the registry
        
        PID:2592
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        23⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        22⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3612
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        23⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        24⤵
        
        PID:636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        24⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        24⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        25⤵
        Modifies Installed Components in the registry
        
        PID:4028
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        25⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        24⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        25⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        26⤵
        Modifies Installed Components in the registry
        
        PID:4564
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        26⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        26⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        27⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        27⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        27⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        28⤵
        Modifies Installed Components in the registry
        
        PID:548
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        28⤵
        
        PID:224
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        28⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        29⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        29⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        29⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        30⤵
        Modifies Installed Components in the registry
        
        PID:3968
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        30⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1120
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        30⤵
        
        PID:332
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        31⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        31⤵
        
        PID:744
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        30⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        31⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        32⤵
        Modifies Installed Components in the registry
        
        PID:776
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        32⤵
        
        PID:944
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4436
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        32⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        33⤵
        Modifies Installed Components in the registry
        
        PID:3304
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        33⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:3440
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        33⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        34⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        34⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3712
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        34⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        35⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        35⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        35⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        36⤵
        Modifies Installed Components in the registry
        
        PID:4604
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        36⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        35⤵
        Executes dropped EXE
        
        PID:3500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        36⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        37⤵
        Modifies Installed Components in the registry
        
        PID:4644
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        37⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        37⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        38⤵
        Modifies Installed Components in the registry
        
        PID:3496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        38⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        38⤵
        
        PID:208
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        39⤵
        
        PID:224
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        39⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        39⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        40⤵
        Modifies Installed Components in the registry
        
        PID:1684
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        40⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3344
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        40⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        41⤵
        Modifies Installed Components in the registry
        
        PID:4596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        41⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        41⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        42⤵
        Modifies Installed Components in the registry
        
        PID:2096
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        42⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        41⤵
        Executes dropped EXE
        
        PID:3528
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        42⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        43⤵
        Modifies Installed Components in the registry
        
        PID:3628
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        43⤵
        
        PID:332
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        43⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        44⤵
        Modifies Installed Components in the registry
        
        PID:1064
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        44⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        43⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        44⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        45⤵
        Modifies Installed Components in the registry
        
        PID:3452
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        45⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        45⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        46⤵
        Modifies Installed Components in the registry
        
        PID:4724
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        46⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        46⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        47⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        47⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        46⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        47⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        48⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        49⤵
        Modifies Installed Components in the registry
        
        PID:3828
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        49⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        49⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        50⤵
        
        PID:444
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        50⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        50⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        51⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        51⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        51⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        52⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        52⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        52⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        53⤵
        Modifies Installed Components in the registry
        
        PID:1632
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        53⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        52⤵
        Executes dropped EXE
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        53⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        54⤵
        Modifies Installed Components in the registry
        
        PID:4288
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        54⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        54⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        55⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        55⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        55⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        56⤵
        Modifies Installed Components in the registry
        
        PID:2088
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        56⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2648
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        56⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        57⤵
        Modifies Installed Components in the registry
        
        PID:4468
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        57⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        56⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        57⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        58⤵
        Modifies Installed Components in the registry
        
        PID:4516
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        58⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        58⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        59⤵
        Modifies Installed Components in the registry
        
        PID:4116
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        59⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        59⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        60⤵
        Modifies Installed Components in the registry
        
        PID:4012
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        60⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1332
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        60⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        61⤵
        Modifies Installed Components in the registry
        
        PID:4616
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        61⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        60⤵
        Executes dropped EXE
        
        PID:4196
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        61⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        62⤵
        Modifies Installed Components in the registry
        
        PID:4252
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        62⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        62⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        63⤵
        Modifies Installed Components in the registry
        
        PID:3568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        63⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        63⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        64⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        64⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        64⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        65⤵
        Modifies Installed Components in the registry
        
        PID:4272
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        65⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4348
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        65⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        66⤵
        
        PID:996
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        66⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        66⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        67⤵
        Modifies Installed Components in the registry
        
        PID:4952
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        67⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        66⤵
        Drops file in System32 directory
        
        PID:1200
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        67⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        68⤵
        Modifies Installed Components in the registry
        
        PID:3784
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        68⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        67⤵
        Drops file in System32 directory
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        68⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        69⤵
        Modifies Installed Components in the registry
        
        PID:3208
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        69⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        68⤵
        Drops file in System32 directory
        
        PID:3248
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        69⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        70⤵
        Modifies Installed Components in the registry
        
        PID:2668
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        70⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        69⤵
        Drops file in System32 directory
        
        PID:2264
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        70⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        71⤵
        Modifies Installed Components in the registry
        
        PID:1960
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        71⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        70⤵
        Drops file in System32 directory
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        71⤵
        
        PID:816
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        72⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        72⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        71⤵
        Drops file in System32 directory
        
        PID:4132
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        72⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        73⤵
        Modifies Installed Components in the registry
        
        PID:2436
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        73⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        72⤵
        Drops file in System32 directory
        
        PID:1020
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        73⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        74⤵
        Modifies Installed Components in the registry
        
        PID:2460
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        74⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        73⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        74⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        75⤵
        Modifies Installed Components in the registry
        
        PID:4764
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        75⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        74⤵
        Drops file in System32 directory
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        75⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        76⤵
        Modifies Installed Components in the registry
        
        PID:4648
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        76⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        75⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        76⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        77⤵
        Modifies Installed Components in the registry
        
        PID:4072
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        77⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        76⤵
        Drops file in System32 directory
        
        PID:4640
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        77⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        78⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        78⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\cdosys.exe
        
        C:\Windows\system32\cdosys.exe
        77⤵
        Drops file in System32 directory
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Windows\system32\_Setup.bat
        78⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\reg.exe
        
        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /v StubPath /t REG_SZ /d "C:\Windows\system32\cmd.exe /c C:\Windows\system32\cdosys.exe /i" /f
        79⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{F170TY20-2745-PW5B-4C0N-179N1O1G62P2}" /f
        79⤵
        
        PID:1004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_Setup.bat

Filesize
352B

MD5
a489673646dff3e03a192378447fde73

SHA1
5457ca86431c0aed2868f867eabcf61888f7b819

SHA256
8d6443c842f2477f495669a2db5e85c70ae839f31767faa521eef70549a26f8f

SHA512
00c1462468a5097ae86f000da969862d6112fc949e9fe0cc30c62e3a3b28e2dec20789b27be4aeac5ac8dfcef100b8e4b064556bc3cb196ddce56bd261e6430c

Download Submit
C:\Windows\SysWOW64\_deleteme.bat

Filesize
248B

MD5
7809906716f662f13993b86d51945079

SHA1
17d4ce8078bfc4d8108b18e84db169fca3570845

SHA256
665cbad3dc9021294ce29177bd4436d3b335798141adee00d4ee4a742ab22677

SHA512
3fb7d80ad9b571a8473b928711976acdc80cc607b60c705b2189d031e23f61525dcb2dbd5c0d130430e2a4ff53753917b859b54061709e0909680197c929428a

Download Submit
C:\Windows\SysWOW64\c_l0599.nls

Filesize
914B

MD5
40d7c34d3d65569b658ae23c8fdd00a6

SHA1
149efaeec5bcb227138b4fc6cc8ad48a272e2981

SHA256
f93a0253377c295df76c2dc35cc6cfc60ca3e7272e453f7d276726e6a00b8558

SHA512
8981b0351e1e7428b132fdf5ef8c1851c7768107e4b18248409f711ba2123e69a4a199c83b8fe9eeb2e7a75460895051e0350bbc0a32272feee5f4d890f92fcd

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit
C:\Windows\SysWOW64\cdosys.exe

Filesize
77KB

MD5
6ee180ec425d02262f678b9406b7347a

SHA1
c83df66131b5add17db1a182b9b11e0e0648b5da

SHA256
8589078c2a540eda616a7c35e2f660b33fbb6c31f2388f28476c259740b0524b

SHA512
7fd913de77c65c2bf1e39200d65b213fa117a9d8f0dc0685d772122f0b342b16606e714c57a15b28b4e0208e162a9ce507589fc3aeb768b97f791bc2bd94c3aa

Download Submit