Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
90s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
05/05/2023, 19:37
General
-
Target
cbeb8a1dc9c1cc99182866d178ecaea8.exe
-
Size
189KB
-
MD5
cbeb8a1dc9c1cc99182866d178ecaea8
-
SHA1
4fed98767f06ef15b165c4baa69ac9adfbcfc794
-
SHA256
f94a87a6b2201c05a4222db550ce2ea96991165ee8b3c25af7bfeb5a8bbd8d51
-
SHA512
0b46422897e1e0302fc29e3a7625fea0b929eefc4ca506616bc7456596e8520bfb047aaa73baf304991bddb6dfca6bf93673b5738555ad40e00f8ee6d60d80b5
-
SSDEEP
3072:TxoZBytUbHRMDHJA8rXlm+TjeVfsHSz26jk:FoZB+Uj8X4+6sHSi6jk
Score
10/10
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 64 IoCs
-
UAC bypass 3 TTPs 64 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 8 IoCs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exe"C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\asokIoMg\NWUswoUg.exe"C:\Users\Admin\asokIoMg\NWUswoUg.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
-
C:\ProgramData\AYQMckgQ\Amgcgckk.exe"C:\ProgramData\AYQMckgQ\Amgcgckk.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea83⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"6⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea87⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"8⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea89⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"10⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea811⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"12⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea813⤵
- Adds Run key to start application
-
C:\Users\Admin\cQMQYgcA\OIgEMQoo.exe"C:\Users\Admin\cQMQYgcA\OIgEMQoo.exe"14⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 3615⤵
- Program crash
-
-
-
C:\ProgramData\KoEAEoUM\FuAAcEkU.exe"C:\ProgramData\KoEAEoUM\FuAAcEkU.exe"14⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 3615⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"14⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea815⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"16⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea817⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"18⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea819⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"20⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea821⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"22⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea823⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"24⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea825⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"26⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea827⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"28⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea829⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"30⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea831⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"32⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea833⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"34⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea835⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"36⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea837⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"38⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea839⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"40⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea841⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"42⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea843⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"44⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea845⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"46⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea847⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"48⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea849⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"50⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea851⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"52⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea853⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"54⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea855⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"56⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea857⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"58⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea859⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"60⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea861⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"62⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea863⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"64⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea865⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"66⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea867⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"68⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea869⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"70⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea871⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"72⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea873⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"74⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea875⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"76⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea877⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"78⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea879⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"80⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea881⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"82⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea883⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"84⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea885⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"86⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea887⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"88⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea889⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"90⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea891⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"92⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea893⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"94⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea895⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"96⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea897⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"98⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea899⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"100⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8101⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"102⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8103⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"104⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8105⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"106⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8107⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"108⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8109⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"110⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8111⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"112⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8113⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"114⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8115⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"116⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8117⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"118⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8119⤵
-
C:\Windows\SysWOW64\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8"120⤵
-
C:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8.exeC:\Users\Admin\AppData\Local\Temp\cbeb8a1dc9c1cc99182866d178ecaea8121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-