Analysis
-
max time kernel
52s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
11/12/2023, 01:09
General
-
Target
Patch_MB 4.6.x.exe
-
Size
65.2MB
-
MD5
221c91446a819b12ffe65263f9174928
-
SHA1
9f7464100e7ffc37116a6e55fb0575cb832fd523
-
SHA256
38b73b21597d336878202015e7a137a93b266e3a4d71274a24671cdd54b3d000
-
SHA512
0da45b29849c52dc2e1f91ff3a69b611717f32165bde4358b54d182337654f8acecb9f491d897428b388bf630a1a80dfdcd92433ab238fa2cd5788191985b0c2
-
SSDEEP
1572864:HOUOMLEmI4Z8TDCNU63i/BNJNRaGUwDfSzE3FjBdJ14A8/IuNbDdwNVLD:HOUOCEmzfWBNJN4iSzE3FjBCIuNbu/D
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 18 IoCs
-
Sets service image path in registry 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 11 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 19 IoCs
-
Enumerates processes with tasklist 1 TTPs 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 8 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious behavior: LoadsDriver 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 49 IoCs
-
Suspicious use of FindShellTrayWindow 23 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Patch_MB 4.6.x.exe"C:\Users\Admin\AppData\Local\Temp\Patch_MB 4.6.x.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4136EMR4.bat" "C:\Users\Admin\AppData\Local\Temp\Patch_MB 4.6.x.exe""2⤵
- Drops file in Drivers directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\qbF7647CA.7E\7z2201.exe"C:\Users\Admin\AppData\Local\Temp\qbF7647CA.7E\7z2201.exe" /S3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
-
C:\Windows\system32\attrib.exeattrib -r C:\Windows\System32\drivers\etc\hosts3⤵
- Drops file in Drivers directory
- Views/modifies file attributes
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr "keystone" "C:\Windows\System32\drivers\etc\hosts"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr "keystone" "C:\Windows\System32\drivers\etc\hosts"4⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr "holocron" "C:\Windows\System32\drivers\etc\hosts"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr "holocron" "C:\Windows\System32\drivers\etc\hosts"4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\pb.cmd"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\mode.commode con:cols=86 lines=364⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
-
C:\Windows\system32\mode.commode 70,44⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c echo prompt $H|cmd4⤵
-
C:\Windows\system32\cmd.execmd5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo prompt $H"5⤵
-
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_LocalTime Get Day,Month,Year /value5⤵
-
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c copy/Z "C:\Users\Admin\AppData\Local\Temp\pb.cmd" nul4⤵
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
-
-
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh8⤵
-
-
-
-
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\timeout.exetimeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
- Enumerates processes with tasklist
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Executes dropped EXE
- Registers COM server for autorun
- Enumerates processes with tasklist
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh7⤵
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Modifies system certificate store
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Enumerates processes with tasklist
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Modifies system certificate store
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
-
-
-
C:\Program Files (x86)\7-Zip\7z.exe"C:\Program Files (x86)\7-Zip\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\qbF7647CA.7E\ck.7z" -o"C:\ProgramData" -pgfdgjhdfkjdyugi7ur7dyfhgjdhfgGDFgnhjdf7 -y3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\7-Zip\7z.exe"C:\Program Files (x86)\7-Zip\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\qbF7647CA.7E\rs.7z" -o"C:\Users\Admin\AppData\Local\Temp" -pdsfmhjgdfkmhgjkdfuBFngdkfhgiduy5rg -y3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell start-process -FilePath 'C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe' -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-' -NoNewWindow -Wait3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell start-process -FilePath 'C:\Users\Admin\AppData\Local\Temp\rs.exe' -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-' -NoNewWindow -Wait3⤵
-
C:\Users\Admin\AppData\Local\Temp\rs.exe"C:\Users\Admin\AppData\Local\Temp\rs.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\is-KRFS9.tmp\rs.tmp"C:\Users\Admin\AppData\Local\Temp\is-KRFS9.tmp\rs.tmp" /SL5="$5015E,63820596,239616,C:\Users\Admin\AppData\Local\Temp\rs.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-5⤵
-
C:\Windows\system32\certutil.exe"certutil.exe" -f -addStore root "C:\Users\Admin\AppData\Local\Temp\is-E5357.tmp\BaltimoreCyberTrustRoot.crt"6⤵
-
-
C:\Windows\system32\certutil.exe"certutil.exe" -f -addStore root "C:\Users\Admin\AppData\Local\Temp\is-E5357.tmp\DigiCertEVRoot.crt"6⤵
-
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" /service6⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
-
C:\Windows\system32\timeout.exetimeout /t 53⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\xcopy.exexcopy /C /H /Q /R /Y "C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json" "C:\ProgramData\tl"3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell start-process -FilePath 'C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe' -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-' -NoNewWindow -Wait3⤵
-
C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-4⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh5⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
- Executes dropped EXE
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh6⤵
-
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
-
C:\Windows\system32\xcopy.exexcopy /C /H /Q /R /Y "C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json" "C:\ProgramData\tl"3⤵
-
-
C:\Windows\system32\attrib.exeattrib +h +s "C:\ProgramData\tl"3⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic path win32_LocalTime Get Day,Month,Year /value3⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c tasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh3⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq SbieSvc.exe" /fo csv /nh4⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
-
C:\Windows\system32\reg.exereg Add "HKLM\SOFTWARE\Microsoft\Alu" /f /reg:323⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName"3⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName"3⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Alu" /s /reg:323⤵
-
-
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"2⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh3⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
-
-
-
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 1 /status off true /updatesubstatus none /scansubstatus recommended /settingssubstatus none2⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp"C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /FIRSTPHASEWND=$30192 /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-1⤵
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" /unregserver2⤵
-
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamwsc.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamwsc.exe" /uninstall2⤵
-
-
C:\Windows\system32\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll"2⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh3⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh4⤵
- Enumerates processes with tasklist
-
-
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current" /v "SystemProductName"1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\reg.exereg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v "SystemProductName"1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh3⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh3⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh3⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh3⤵
-
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
- Enumerates processes with tasklist
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh2⤵
-
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
-
C:\Windows\system32\tasklist.exetasklist /fi "imagename eq mbamtray.exe" /fo csv /nh1⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
59KB
MD582accd589e58159a692e9100bd3b465e
SHA1902557d1dbd8f9ed64f84488cb7c73487210ebf7
SHA2566bdec0ef737487b7bd8deb2d06a1e8eda903b95b35748f21eddc8c201a0ca012
SHA512b719bba8c3daead3b2b3976605888c41a60b048cd4148e7af5e71504857d5ac69eba812ba7c51361e1939430658ad5c93adfe9b908b6fedd2d212a9dab8d4b8d
-
Filesize
98KB
MD592a6320203f38284c6933cb688604953
SHA15da85dd96711ce1f42735ef5efd186522d6ac258
SHA256430aec65dbf3a88370124982af2bc2b24625ebd59417ad56b0e46b30d97c9884
SHA512f62f8c4d56d4a856cb8f6c71b6043f6f057d587c465a8b1fcd9db6089bb134b5a97a5950c37e741916dfa83a11a78a6cc881553ba5c2860300941da08c5399c0
-
Filesize
169KB
MD5bd641f0e08f5545bfe6488b893789fbd
SHA121635ec9db12cbf42555509d7f685ec5560d67fd
SHA2564fb8c482b5987f8c98a9ec4fc7c985460bc639b1bd106ec5b34f2c1c409c13ff
SHA512f274fa086a9707335eeaa4b603be68fcc78e50e4efde25e5164289fd1f72d131b92e211aa2b9ddf9c397b7c13504a3e428a75b90575059eca56e05f23b96443e
-
Filesize
209KB
MD5ccfe957b84a16ebceb094eb6f74a13cc
SHA194cbb838aed74195b3aabaa40a16b58adefe9c92
SHA25681c54d5934fa6f0caa3a6843753008bfb9b3152101560338c0468c09bf91c5bc
SHA512fd6cfd161440fbb8d82701212737dfd319657f297a1e0e305509dd2f091542565299444718e565d96532529fbe33bee668adce236d6c3bb410bb0a352d1891da
-
Filesize
45KB
MD5d62c87e29743c908177bb5103ae2fa38
SHA1e9836132a871573c73a07642aab3df6cfb69e5b1
SHA256ae9f29a323c6d9b149ff5277f02334a29acce0ec22670306e563bc89ddd92233
SHA512368d6a8672ffd480ac4868e9d8b2a1625ec5cfacdb38b597341933ba443c7df1a7565c85e645ab7ed45b96d1cc8dea2ca56635e302b3620b888c2a96c422d4ee
-
Filesize
271KB
MD573c313368fbc4742f4a9a739059578ad
SHA15a056e798c35b63ac3a4e063b420791524d1f77f
SHA256dd7cf1fd88d151bdde3b3d875e44e14097475aea6b17c7b5e8d48c2daada01bf
SHA51246fb379e24f430c1e63c223e09b6ba77736f50088ec186235835f62b6ac612e384f9c8bf76f4bce9bdd705cfa67bef709e1ff53f6c93dc18fa1f0269df60c806
-
Filesize
183KB
MD5a41b918a5c00370ae02b017d7f3d8958
SHA11d8292a67e2beadb89c4239302d184a77212572d
SHA2566581b13c6c2f8c452db565d189a5d6f2f4bf022f333d3e8f45e67422f438ad35
SHA5120e2b502832365d41db9bf29702f71cb2621eba876a099aabf243504c710353bae8d5fd9709003e46a3c0d82df9ad8090bf365d31447adc80536e22b26d21272f
-
Filesize
316KB
MD528eab7b356b089b4f868d73377d90281
SHA1ab375fb23160d92913c92d52192d969c06c3fa42
SHA2563eb149ac78495bb87341b3701858ee35cd0ab79cd03b87899dcc34e8223a942c
SHA512e12b96f909b7bf1c5e359675e2b2e4d43d7ca26181b22e9f61573b22098ea299f27d3630770b51a7a29e3d7e8552d9e87b1a139091d1c18834e896839782f92c
-
Filesize
51B
MD5bf86796fe0fb92b34e5f1100d5eb3bb5
SHA1bc10ef8edff446a9aae29a70be7fdb380979f916
SHA2562fc07c3fc5e834495d3f76b3f4b6454c57e78eb928cdd343b863d8170f00ed67
SHA512ef0c5e7ad46e9dd5dbe3741595b5887b34b75eab30de27343b02e68f0430e8a8cc7c79791f3a0ac1871d362eef3bd34f9bd4ac54e77a95ad1d1f2e1c65a10cbe
-
Filesize
47B
MD5f87ee333fc7093fb0a7d0bf86acde081
SHA18e5634b4eaf7ad9201be8fb04fd3ed734d3c5a28
SHA256e5ef72fb7af61be42f9f833f5e532ff4128a26e73920832ca87c5f00164e74a7
SHA5128530fb2efaa8de0c7f2a102a44fd4a035fbe9a06040290820fe0480e8f9bea2295695cce253023b92ad8ac0f2fe9563a6a0cd10e423e1c2e1fa212146276533f
-
Filesize
6KB
MD55911ef94fd6b13ed00581e68c1888868
SHA18b37fd447f0086716482cd17a8266a13e4b04373
SHA256c39c8c860e7d7c27da3a2709fd1c72a196159c1f64efa32cbdab70a71f70b9e5
SHA512a7b5fc81362287e89360a726225e6ba5789ad7bab10d4051b58038f296affb15fed2a25e19073706daa9d7444c1ff7fc6d66116ab3f641de60bba4ff2ed77f9b
-
Filesize
698B
MD53f7e99cb253f3210546d94d80422b62f
SHA10ae028e55e6a636224fc100f9644e6671b9e9c78
SHA2563d34c7774585a4979194979c316c6f776cd59b8beee42e4d442f977ecf01ed51
SHA512a061e2250c48310b425e2dfaa882a400a4f4d41c72e8ebd6aa308177e19befa130daf5a91cb6222f1cc714a3d52fc886e921820b510812dd7ce8f7a8b54571aa
-
Filesize
25KB
MD57dfb5c0eaea1770ebfc2eefdc6c53984
SHA1cb9aa1c4ef2822804d0bc7a3c82a1c37d5d3e3e9
SHA25623f940ef5a24cd7dd402acbd2e1af30eca8bef3ab690954b6b42336230c4e2c6
SHA5123f8777ad4f5e4d8ca6653ec550779493249cc5139209334a928b1e4a9805550b0e63d4d2812c4d642e11749536a8526c068ca2b9bbb3aaa6cbbbf3ab310d3828
-
Filesize
19KB
MD5d414dd9460451d48b8855871aa637c32
SHA145f8609604413e9d73898213fbad3a642268c0bf
SHA256a3bc9af123557aa9bc32c144f67716fd0d29182c4417012dbbd633414e4fb022
SHA51283ed97236658fd44ac4a52a9e5540f9f13f4d4331c23df8a6da7e8f9c526b5002351382fb95db94291fb0a8548880b7fe8174a4952c4f9153ac5a6533c832658
-
Filesize
514B
MD5aa3afff21234e7e02bf403ec37afcfc2
SHA133bd8d15a594b7636e9f2700ba9cebb2724b8a13
SHA256bdaa821c1a821182f6487ac6071e84e8dd556e03a666a6020482857412f5c1eb
SHA51202ca76bc58391980ce771d28e365c265dbdaf601979c395cae03d4b5566798cf3e86d815eba0b9e894973dac8ce5de65f04dcf8120bb75e666123dfde0bbfd4c
-
Filesize
24B
MD5546d9e30eadad8b22f5b3ffa875144bf
SHA13b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA2566089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA5123478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec
-
Filesize
24B
MD52f7423ca7c6a0f1339980f3c8c7de9f8
SHA1102c77faa28885354cfe6725d987bc23bc7108ba
SHA256850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69
-
Filesize
114KB
MD588cb32abb5f97d7e0b3a05fdeb8aea67
SHA1a3a334a49172e3137503900745f8ccdc904a07cd
SHA256cfe9e1c767968c6b431011e33003192f6991134945bf17cbacb4571340e42651
SHA512ee5bc97f812ab0e599e825cdc8fedd7f700ffe200e25fd0ecc30bbf41f193f1ff67d9b78b261d67fc4788ac5f48ca29b5c32534259ab4acd30b59fd3eac510fd
-
Filesize
280KB
MD560b8975c0f2cd853c7902af7ed07b123
SHA18588f5d18ff708588789462b5aa029a1dde6ddd8
SHA2569cb47bf3019b73511bc1bde4c6c684c11cd6fd8ab66d2ad02d79fcbca01d652a
SHA512c40c7885ca105db00f703f3b152b5e0b285cc50feb9bc9c65473d4fb22f3d6abde95093dde4a8a639b743a651ee0d3772edd012e20fd4f2a30ff363b58232a64
-
Filesize
83KB
MD5ebd73ba4ee707f39b4c76f5ed7b39d53
SHA15328511b5f390bc411f2897dec31c7c1e019c0a5
SHA256afc9ab346044328177a2b1e5f5a90b27e02a05f2dd57847cd78220906f33601c
SHA5129b58e68de697d544c18dcaab8d76702b20669492f54f94cfc8407dec0fc79fc82ff2689543831b24a428d6332c7acd9c6afacd6adc66c6241e3111388f580162
-
Filesize
136KB
MD5238a15dea00030bd115fc47033a135aa
SHA1b57348ffdd9b7599253dc7665ee11200206a3cbf
SHA2561f933534e8f78936d3e074bf36a0bc4b7c4534f3aac5dcbed5934fbca61dabf0
SHA5120c214f2ff11a2ec1c311a7fa40826db90c46671245b801eac028d2a3c3152c7283f98e6c169c9c22bf725e803b1ecc54e1646922c4695659ac2d8f35298db289
-
Filesize
1.2MB
MD5a65e53c974a4e61728ecb632339a0978
SHA127e6ec4f8e34b40f1e08503245700c182b918ce9
SHA256ca8ab5aeef734f24a3c58bf10b3f0152c2ea1329b02d2730448693df563b4c6a
SHA512b029962f08867496cd3fd5e9af4b0703dae918e938aee759aeffbb4184ea6d3e81e0878ba8957e80d30db5d7b6fc8598e68918a4d16b3d010f31a2e16417593e
-
Filesize
329KB
MD562d2156e3ca8387964f7aa13dd1ccd5b
SHA1a5067e046ed9ea5512c94d1d17c394d6cf89ccca
SHA25659cbfba941d3ac0238219daa11c93969489b40f1e8b38fabdb5805ac3dd72bfa
SHA512006f7c46021f339b6cbf9f0b80cffa74abb8d48e12986266d069738c4e6bdb799bfba4b8ee4565a01e90dbe679a96a2399d795a6ead6eacbb4818a155858bf60
-
Filesize
256KB
MD509a3995806569a7d3fdb05e54ea815ac
SHA1f6ea0bd03ef8d01fe92a63c750586b86ccdf7253
SHA2569e8a6672431aa5b805091c3e08f89417b7ba9ab931a031f3ff9641efccc6ed3f
SHA5120d76fe4b70225bbb2bcbf6734ae0a238a9b5b93eb53c6ed5feee30674c5dab79deb0b222100cf27bb8a1035832c3be153e900fe6a6703829a133126a57a76144
-
Filesize
520KB
MD5f813ed68f6335de3de0e5093d77ebc47
SHA122cd955bc62d331f0ddd80b3387313cd7d38cebc
SHA2560631886f6a2d33c8f6fe2b7ef4a7ab1d7292af2d0e9d0a586b1d001db82ab403
SHA512aead0026c4ef9411bc6f82e9f43a5672324c5ea94bc1b7e7f1a9f6fce982a823dc065a4ab31f21078514099288b69b0e4a1905488f6f8dfe247e0086d91b43ec
-
Filesize
256KB
MD5ba2764e73fbc40db494a688a8cc81133
SHA10b558231294c7659333f6ac7c5a1eb62cbeb9395
SHA256ee06f945ebfa30e6b3eb9c09a73f45d154c3ffa5692949754ca0471dabec83c0
SHA512b5f9a923168d82f3a6edb4c823bf41cd693424f5a47cc6690bd2b9fd57c9cef23683bda86267ef69fc305b2a502595fecd3e46b5b3c40ab59578c2f00a634fab
-
Filesize
607B
MD50297588a50c90f5bd608e8a283536fcd
SHA1355326e746040063f8a2b465239505ef59f218d5
SHA2568d27bc9ddb06151aa4f41fad255faa19ff5464087e6cd02b0de6f7a9c0db6c42
SHA51275ef2d181e8c8b5713328d45e513d8e1a54226e717a6d3bcb217640b8ee61bb2286e7c6bcbce2e4129d7a9af8481c0ed6e36ecf8483bcda1d11b43735b294cac
-
Filesize
905KB
MD5b4b03923fd8f7fd41c3d6ee6d9527a42
SHA1c69e474311980101b2e6d7c4027e9a971c0f7cc6
SHA256d0bf9a10b746f23e6cc596bb6189325a8ee66766fcb4ebdf5d888813a17b6828
SHA5126558a209572cbb9e7a15e336b451768a1aec3d07297218aa6ef4f95a41d59b0df5c3726e9d25f13e10ad4e758850fba2db3911e5e37d9ccc8147ef7a4c109240
-
Filesize
305KB
MD507ac2c0f25137ab90c9f7ac80219dd10
SHA16aebbc2ed34f2b3219bffeae136827042e22ca24
SHA256e12440c12054945b84c9ff02d4e7d8d134b9271576f9c7f1b8154870ddac0878
SHA512ed97ac511499eb397315e9c52deb842837ae69b2fbf369d9373340e809cf2982e30336cc615ff33ba0338f413a69fc9bbf17edaa4bfe3334df9f21115fc5159f
-
Filesize
215KB
MD5f4b807d001b82d0ca7fb572b4f56336d
SHA196f9f5266516838aaff5c49a8c4323bcd190b16f
SHA256c68d6af7d7eb22f53b1fbdfb4870a1e121f653c4bc0f00bc40c87598bf29f09c
SHA5126eff2c825fbba030b1db59e971e2993ac946c5fc7b4c4716f4b23cba8bc47b5f469c628bae16bb81168b696c241d6b130c49f85c4cfce9d991c46965391c1983
-
Filesize
2KB
MD50ff3f3ba83e1dc78aa42e205e1a01867
SHA10a557f31af77bfccccd9530227d593efb4809fd2
SHA2569c5dad17bd0878115a88a4c94405fbd9048294462eea474f265ddddedc90771e
SHA51280543530d28722b926d3aeda4a0c61fc5bea1812e38a3a1b7b84a5a1803c078bc54c32eff23b96766fd5e27301818f105d86235cdddbaa0dc51ac347ed3d7dfd
-
Filesize
162KB
MD58f601267658ca35cdd71de9c0f67c1f8
SHA146cd0fedd09f1a5e2a064944a531bd429c6389b6
SHA2560bd4fb49e79ae0c1d559a33b4ce41f9f05f6ec074d91f81c0809afcfb1ee82ce
SHA5127931617181577e216522c9bcdcad81ebf27e8ad2745f12e090aea360e082461a0160410754df37550b6528c5ba7840edd40dc568b01efcf508088a7d050c4916
-
Filesize
135KB
MD5781c56e9332ce6a6b8541bce4031978c
SHA144d360a13972c9a75e2ede8c9c50a216a372c187
SHA25644512a38e831473e388b9b180e1a3f5ed808e69a4b3ee7f152c96e71d1f9894b
SHA512dc07cfa416130f7621c015aec4aebcdaf00c446e6823bbef6173b47c0068e9813e1302219169f4b1d6f12a9354db85878068a71bddc5df0cf0cc8b864ee06644
-
Filesize
158KB
MD5157bcdae09817c07d3b4d3a22147c2e6
SHA10df6816b6bccb43d3c12fde5eb98bbc9043abead
SHA25657995e23c1fad05e84801a292f3bd6468ae1b8e6523aef016c12fdac40034bea
SHA512225caf6002241630e3f4212e6f30b1ff1e2de02e86e736dfa59bc9d0db782a5120fe1e2c719bd33b26a079d4485d0c1a87378eb0730763e270100ecc7d33f97e
-
Filesize
103KB
MD5a75668ae39a80bcf4c12c0ebcc729ab8
SHA1b9b8f6a2265683e8d2940b787e94491e7cf96b1b
SHA256e2e1f6cc9e58679e99287bc6daaaed2ad6cb9f42a11db48b90b739505d5045a1
SHA512bf8f6c86a7d479eab3bf3aaae57ea8db478d5e785682a54541adbdaebe0176c66a7f770f3f82398333816c4b1635d0f769f99f97a2cc98c5b333ba7b07ade4ea
-
Filesize
328KB
MD5ebe210b59bcb9270448eb10245eebb78
SHA13ed8f420c926ac0a8a3f2cf02d1024f3fdcc5c82
SHA2569cf3e77f3bfc24734c421519ccddcf5d6934b19749ba28057ecaea0c4f26cb7b
SHA512b627d82cce2c4f4e540f2f1f029ff9127f3da7e4712fc69dc71d4de5059b954b4aa82eb26492de1e15ddf4b5fcd3a3da971e41af6867bf6efae85eae8f418057
-
Filesize
208KB
MD57158aeea80525380d00985f757a38f2e
SHA17a94971bd17d44c1d4a6ac86f06a10b9bf470fd4
SHA256cf9d4ab7ba0d5444bda1f3707a2db5601ddc81e90d6a1ff8ec97536e316e99ec
SHA5121d323f3d7755dcc166ad586fd244143e19aa1cb4d32e43be6f79886d2b4bfcb6079f80f6ce69f3088b81700b8df5a877393f4ff182f57be37c1ff8c621dd76cb
-
Filesize
8KB
MD5bca20cfc224706d214d6d008d92d97cc
SHA1f452a806066eab3dbd4c932d879635f0b3f908df
SHA2568f91dc1759322271496cd0edf289d30a31f8e1f0cdf2a48c59f8ada1f0c32878
SHA5124c64e84de229c465e40611a754edcb37e7d391b1e61193875483ad1c9d412025acf2512c1480e9af6ac9b0b3b8a433310a632003c83edaa63a8d12d000d74b35
-
Filesize
53KB
MD50ec32ad0327d07c3d9ea486f9e60e4d4
SHA12db0b7f09c2cf313562353648c505e3132cdcfbe
SHA256abf40144d7e2f6518c58826625ef6cc2bad1db343a0ef1bc95a3cb8dd14fd616
SHA512f972c539868c6acba81806528080542d5c049f7dd1d8063610461437b08632db09136286f519fc5ed1e945ad7896eee6110edf9648245ed11b548c665f63de98
-
Filesize
69KB
MD5306b9f9291b0389182415e58647cba93
SHA15af6a5bfb3542933f79ff6c31eb284e6a991032e
SHA256c0393a137e0e3dc4f059096a355ea0051a876aaaa676d820b16fda85a0a27b95
SHA5121686a45d1ec932a1602b112e2b422ff9dbae4f0c6d174360977c52706a62d4f9a75f297697a4189c1b29a07b071cbf34cb6019cdc8f341089449414475329c69
-
Filesize
243B
MD5dc1c6a21b3964cc10a18b4fb0c8414fb
SHA192089438a29134fd3db434d7cfbab9238f756ead
SHA256c360045378e4d06dd5a8228919fe8ecbc6c570602f9b3b5c4c3b4f4409fb855e
SHA512ddc24c535b586d8575a9408b450d670a7832830da15c3130ce50283d53e0fc55f077776bbbac8631dfc36a613a3fc7e589cc61255550084daa7dd0e3520c85f5
-
Filesize
10KB
MD57d6ade3cf381b6828fd3f5cc34966895
SHA1b24e9f15010f21fd851e736c84fad3253d4a7158
SHA2566f41b5510f148ba31bcee7fc26266d1ef19652cbd16b1c372034c90d3508c14b
SHA512ab05ce955bb5c7ee558e0ac8a723b5df0699e8fabdfe3677918d1747362500699fd71eef8f35d8f4dcd93cb7027001d8ccdac2ca6cbca50d5522ff35d1000516
-
Filesize
10KB
MD5d23873268521d9392d63919e5c4ccc7c
SHA1b87007bf2eb0117d25ee00c06f1ddd17397a3956
SHA256d8d6667cbdef4dd27c0232bfc3d022676eccf73a7fe9b3b135107b13e7764559
SHA512a724d7034266b480eb90250ae3cf5ea26cf46e47c83a23ab610bc5bbf3ff3c10c5345441425485b37a8e1fc34537fb0ae6144c5b21b2c464c4eb5a048cd1e124
-
Filesize
1KB
MD5129ff98384c84095e82074941727267f
SHA1eeb735200826c1094a2b212fe3acd6c520dac127
SHA2565c1dad6502ff05b40e9995e21e2aae89d173451843b34bc1d485f4f45df3a06c
SHA51260b4bb2548b6f0f85b5a254b63d110f2562fb253e43ff4b6963844902292317723c076035682a6f834a1cb372bd0db5c16a0a7c7faf10cc0daea90933d918d08
-
Filesize
803B
MD52b4b31aaae38e9c48f5e068ec0550f91
SHA17823ff7fce395a84450d3c194a66d34cc0aeb19f
SHA256775c44bde5da76477dffdc8aae0745bc6d43a986028457c742b4a628cda89993
SHA5122bffb2eb2513011f6a79fbd94ebf335cc582c17e7df6cc2f7839837fa3bb3d19ceeece501bd75b6f04b1f58ff96f5e17e14a127f0098fc63c1334b182baa2274
-
Filesize
447B
MD50ed03dbe64aff45ba895b6a04c926e29
SHA1a3788dc6aeff1994a051db4c6e33546ef80f56e4
SHA2563fc5c45f19f22218e5a34162daf0a299a437c38f54bdf06a543ca45af0798a91
SHA512d3b918f0886f0e3c522f3a6ffe48df5fdcf6ed1f62ba2a3cb14d17c374845d369d6235506b096aebca6101ae408f35871bdd2ab8219d3eccae7eb6b9db2537d5
-
Filesize
645B
MD5983722d8576a6d40acc52ae4ca9290a1
SHA1ea189b7ed6ce3d27e74a65731da620690e2ae6c8
SHA256d1b219dcca897e9bca07d7dc8973f13801e03978294d14a71a90e8eb144b13a2
SHA5121dff55ad791090226ca2b62218cf6b5ed95c9f4578bd56141b7f91e86fe5cf8185f9c6d38c6470325c26931670ef3ad393745f4ad6a5b6ed2fd43daf3949b039
-
Filesize
5KB
MD5091939be50b51ed5e91342533d1cd0ad
SHA1b1c90e842ddf311a0b0d1b2323699cc3c760e4fb
SHA256611716ce61cea582d09c928c2eef2594ab466309beb6532c9d998c8caa895a73
SHA512d6a64783c7e9ea4115f60bf8b11a6e4969a81ee3dee17bda716b6ab177a7e6dd09b55a604051667d654da3f438b5a4aaf9b10ff67b0163fef57c7e4dceaa2ae0
-
Filesize
8KB
MD5a3aca62dabbdbcba1b64aca666a5a08d
SHA1a7f35c2b9143455e8997d2cf6dd353a52d34269a
SHA256e4a371fee5fc375102f6c507ef327f755d75d9863e2b6f3577ee9683de525983
SHA512ff4c8fd416b407879d2aa592ea681785ceea50d387a8720879dad10d9a2ce8dc68a12ee577aff7fb6e0c6cd3138853186f1a3a28a2707dff36b6e603bc305bf5
-
Filesize
1KB
MD5675d58fd93521fe2258d9efee4117873
SHA15290bfa55e813c48078a5158f094b2559effe0c4
SHA256df3b0bb6a729d27ef4ff9e47357df95a8bf51eea89a5a96f45a8a6edcea8f92e
SHA512a5fb9d7d6b300036d203f08d190b661b0d2eb75ea30966ee3a5287a2cdce40213fc2fd6c92379352f3458d9b2184e73b749012eaa76e3d4eeb5a829701a87446
-
Filesize
1KB
MD536f6cc934618072b91087ec2119203b9
SHA113d14b344596730e714cc9605424b8206c29a259
SHA2569f305ada46f634b2a7bc91868425afc937f7d077488f0beedfe73d2d1cd5757d
SHA512daefd34c0bab10b729eede0c8c6d822eb66849c79d38b4aebdc732c3be578bacddfd0d166eea8d9824a0985aacfae5cbccaeae94a6b76d6705401e9c34c8984b
-
Filesize
1KB
MD5c02d14c5ccd6a0499e4ce58fdc0c5f59
SHA1f80e0c95e65882b3f31a1075ed7fe7a8b9117381
SHA256be744e8aa9d31872fcd5700e0cdee444006751c19358439319049848a04b4ef9
SHA512beddca1463819f9265a9b8a620c96fa3cdb0e7ae4151f7c434c08c07e04106d8eb7861219ae993240961c2b5016b8e7fd2e88f06b11b04c66edebb8fcdce0f08
-
Filesize
338B
MD5cd18767ab1977bb1c6395b5b35f97284
SHA1848d5f70a0ef26ed3adf5bdf8ae35aa8c006965f
SHA256b8629d89316cde37251d43ad4374074a6a1ad2a0c8c892e867c25173472d3c98
SHA5125cccb867a7971f373e5d856467f63a1149f2b146fe8b2b31984de13b4b26cac6ac269f09f5dc9dcf19f416c75bfa680ac4592132874134d8f47241ba7815ddf3
-
Filesize
2KB
MD53b8091d0c1a508f9e71fc4d313800a6f
SHA105d1515be714cfe01a032759588fbe482988ebd6
SHA256d57af15b5dbcce53841de0413b87c9b083ff7fa8d1d4da9769e70c64e019b8ea
SHA51285de2d589fc8233e577ed5e17658c1c5ecfc4c402f764d464a9fe039d5e53fbbfd53449b01fed8a532d1c3bc45b83c8a572a08a0061a25e1f0b95b2a13f6f1ae
-
Filesize
5KB
MD559aed30b507ac6e0e97870741a72936b
SHA10ce18fdbc98b12ccf1df988164f8d539c44e3f76
SHA256bbcf4b954ed3fbb6ab280c5f46e7bf11b1b264e7a84788125498e92b88d8d1d4
SHA51203eef8dbab3090b2deab579a025e8989049db564911ecef9f8f63dbdcc2be9d21620e9e2b4a1ce8beeb15dec7de04122e8c1e2d041d57c2187f594d872f1945f
-
Filesize
59KB
MD5a71f4404ce93b8ee566ccc4f4d2105cd
SHA103e6ba01fbd3cbf800efdc076f6ce12d5dee7709
SHA256ace6d99fc4684de9c7281e960251dfdfd383c47e2020a7372c7dba563a2c5377
SHA512723e8c8e2d31d6e0301f073cec4bdd4d87abf3d1922b428a10ceedb22add2fcf08b44b6beee10ff67bf085a9fe41392d2adb10c69f6de0f5bafc3e3ea9341a4b
-
Filesize
344B
MD561ec00fd57d1b9bccb177d8f0ae0af82
SHA1544c899615d8cbf7daf6a52c7407929a2e2310e8
SHA256ee1c01b3254f180b22803ff8413cac2e8abae0e80bea7cbe96e0fc5a48aea046
SHA512fa21ad865efae6e0c0e00350899c7a811fea459577e4ee843380d72892cfa3dfe576eef688e15228ee7c56e26978dbec9198ffb2c2d0094218641c6fb53c6f46
-
Filesize
344B
MD535464fc6c1a49d8bf524af184b6ec581
SHA1fda4b7f2f618e65665f83524a5e1ff1acc2c6dbf
SHA2565beb9e49bed14c4f490a66123d37044669b2c59045a7bfb3933be7b649cb50d8
SHA51249ad15137594aaf822536775579c5b74d396bef64d1a55413ade5149bc3e3240f0e56f600eca3c0d0357383e5688718041039a1e6a1992b3bb5d5ef811db5115
-
Filesize
71KB
MD5445cc10e22647475a9a9baca3bd5e55a
SHA17f645456e08d85261fbd6b8e9abd92543910e37e
SHA256bb877a16e1517d3f6ffe9b992f72cfb800228705d0ef985b4f64279e13e906a4
SHA5124c2452817ce19048ea274bb09f7e4b5d27217d464d5b967bc431e3b82e63fa564448c2e133f9afec06486f41a8530b35a08a39ebfbeb1ca90f4a9d838ac9e65a
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
25KB
MD57ce2b8f5adeb8dc715dc3e9a1c38f2de
SHA117d59a680a1d13742b474094d82dd0419a463e38
SHA2568dabd287d79bea2cf611beed37b560d2aa03f335953bc18cb64e358968272b61
SHA51202bed36248c41377cf661750e2ee81ac845940fedad398541d594f9ecd3271070066d0d99feed9090dab29f03eaf49ce8b071940d421ca41d2039a6e50f3697c
-
Filesize
1KB
MD5379a301592736712c9a60676c50cf19b
SHA1c103790503bf8c2ff3f119adee027ebb429b9d21
SHA256cc7400692bd90e1b5fc44e11c8dd7c788cbb462f52ea3f3decb579e4d51eb268
SHA512dec25a31f2930eb575a43e654c29f170c261c1c4516767c0e71cc172ad6ad115914fb58d9cd79f681ff3d7c6baa6b7c0d6de99de09d7582c9807ae436f15572f
-
Filesize
1KB
MD5d25e0f479b9601edf2c9c2dad7ba2706
SHA12f1d0001e47394f4c4deec9645c5f2df99f91a95
SHA25663ff360aafde5ff959fb9671ec27002f99cbfae4907b410046b6a1b0f51cba9e
SHA5123ba164dad3cadf1ea9f0c555695e4d39cba47612599f547d0d0d59014577995c0ddbff0ef6a5e436867454da02d500136b54c034c2223586271b26108b2cfb5e
-
Filesize
7KB
MD54f8b110e37a818130310f0c34ec90dc5
SHA13bef6199fa0ba4c7b98d9c6a6c5a29c52ef9f3b1
SHA256db72101e43020be81ff304f50cf593497d66073be946502c16bcd64e7b2adcc3
SHA512d998b6f09e8750f8f99491e2c2dcbb0cec4a65f8154d795ca070eb131a4f88a30116715b67d1904a0b774e77d0b3ffdb994d10de5688e47f1e2901b10202402b
-
Filesize
80KB
MD5ba0774b946f3d1219419436a6b6a86ec
SHA15ae87bd4d92c189bdc6744e3c7b8b477e638f7f6
SHA256d9f45415b17d213b5fda177b6e90ece8f7eca106c4215c7c170b04f6552763f6
SHA5120470e2e4a6c76f23017c0ac41e2cd8f50938cffae2eb45794c13c0836da545dbcf31a77cf0a42fa4653ff9d918f23872dc3bee9a2a4d5cb475dbef48cfa8b025
-
Filesize
495KB
MD5a42c13930accfb5384dda2677647e449
SHA1d6b22ca79e193f9d7954590921a4eea50f17fd5b
SHA25607fa6d5d152b7f10b7bac8674cf2c8f9a6cebe84230fdf130b26981e39b5fed7
SHA5122ee5e10d084cd271fc4adaf0da3b601d01d603343593ac44530cc87dc64e58a91a32ac47056662d519f67399cf185bb19b4b7d19f9cee4e76038e2f4a12757cc
-
Filesize
1.2MB
MD5734e95cdbe04f53fe7c28eeaaaad7327
SHA1e49a4d750f83bc81d79f1c4c3f3648a817c7d3da
SHA2568c8fbcf80f0484b48a07bd20e512b103969992dbf81b6588832b08205e3a1b43
SHA51216b02001c35248f18095ba341b08523db327d7aa93a55bcee95aebb22235a71eae21a5a8d19019b10cac3e7764a59d78cf730110bae80acc2ff249bbc7861ad7
-
Filesize
3KB
MD536077dce4e212a4f0725b0a751232d8e
SHA196a8b8036ff5c83051f8a6ddce7a6a773c1f0aa5
SHA2561c8179c71656ae808346a325bdefa3c121b89e87621dfe5f2c4b6ecf31122c82
SHA512c145ea7b6dd1725ed57a2d2c1d62322d77f616ca9ba5db87e1754a12f5d791cc3a4b933fc4a0a9c92c6d3f1067dfb0a041edf3336b7c9e1023630da285a7997b
-
Filesize
49B
MD5c24e9a52485fa89e8aade8e0480f4004
SHA145b6e03cb951e4cdb665d22f89776367c5bbd080
SHA2563c534de402cb07ff4cbab140d81344ed3a4ddb9046bebe328f612972294b0148
SHA512cc93e7289984ccd342d6e4c8db4b9c0d25f9d4c239ae539f3d84dc224cc37ceeae26d082b2f362bfc6b1778085bee1768d6566ec2208b5c9ac5221b69a077f66
-
Filesize
10KB
MD500e2c7393785482cb3b6a16e70f4616a
SHA134bfac7b30f76cec30f67c846622cd9f5376eeeb
SHA256099cdcdbd73d53b4e4df567b165036c0b9c651fc177ffb7658d51e592f77bd36
SHA512e28399f17fe70acc3e568d93dc1f2ac10238b2938284374068acd4808f43c06c25d475c2459ab866f263c9e045a684f0bb46612ae07ab0eafc06d591292d0755
-
Filesize
770KB
MD5c6b2ae3b607fdb49ffd4ef154a7b376d
SHA1cf0688e3da45f76e7ace98601eeb22fb78d24583
SHA2562eec6f4c434076b0c392f562922632a95fea55de2522c396e32b613738de2fe9
SHA512d04464b8fd9b762c3983f759ba621cd43fbeb0bea8a6d771b3df70de01417a64581f2e6846901207314ac3192630376985532f47229816401691f2e876edae7a
-
Filesize
224KB
MD5d7375a697bf21713e3a506c84027f2bf
SHA10ea614d5b5ebaecc62bdacded9cbc7edd7869438
SHA256089bbf033e61da0bf2c15ac48666ab8a3373a44e0d81484dfb3a95e7b9343090
SHA5120c2b3ef4f33c4282342f757fcff0826c14120a33c3766e44aa4106f34b45cbf29a89356455610d0da761dd2c83790cb8e0206de4a4774c356fdcc900bea5e095
-
Filesize
237KB
MD5c086f2c134a10d07e3545d5820f0062a
SHA1a7fdc9a8e2f6a2e499f06a482e5c6d9bce31caed
SHA25650eb11787463b19e7b1941330585ff9fca868a9eddfb3c2e4a19914cd48d709b
SHA51206763d8a61a950d8f23fed9977a9c4e43f9d50544e5a2e1b5696019745809b396ac75be208bb658d324b3aa41d5378c16f8d0f9618d7c0e359a75d6dcb3a8e53
-
Filesize
7KB
MD5efd4d178242463e33005368bcc531161
SHA141bc76599dbd0a5bdc1c3daabbdbde307d127693
SHA256a86c4662fdee522278000eeb1b78f8ef49c5acc014dc02c90c591e2ca30f7518
SHA51274e3b199c15d15eb5b16eb7852f3d5c09c82de0a36e9a1ffbcdb9ad698515b87c413fdb81960886eb3c290d9eec558cac7c3912da0a3e4ab090d237a8a197c8b
-
Filesize
118KB
MD54ab867113fee345e802870a4c10a116d
SHA138a1037db242df6449923e4138353cf34dd8d1f4
SHA25685b2d961b0b03a3f0ff8d364289b98bf9634c9fea1ed52bb46a8a6155ee36abe
SHA5122941386297b9a8fdc565c8c2ff9268d1432d7db449b6b8fada588dbc718ff32b9821db36307cc72142c69b4117ad8725ebaa15cb4aa30c6d765166495cc09f7f
-
Filesize
1.2MB
MD57f260e71248a05b03fff78b902973058
SHA18fc170ddb1057ced500783a29f65d8e5bd7e1486
SHA256169cf8be2a697afb9fb90b5a19408368edacdb3a3932cc240a4774f63aa8eaea
SHA51209f4b604eb8ec5fbb631c7370f6ec24a08511af5113d8858f080a5a78de0c4bef8b501debea629cd2f859db020f408b90c71dd89276f89f17baa4785382ca25e
-
Filesize
1.1MB
MD5e51f2e52c10e9b3f1ae8922c488b93a0
SHA17dab557d3f9b0e5358b72b507adc78962e5855b7
SHA256a0f833b31e9995f62d22e9e40d015878ef77e14896763eee17eabbc5617443e6
SHA512b1bd39da736bf7127150af43f63d267839b6a7727aaec4c801caa8d0aa4a4fad7960fab25877a8704a2093e38398fb1371f7f7d86fc77ff36a6a157cee3d606e
-
Filesize
574KB
MD5bbb2667d9b2fd922e52883a63e8cd948
SHA1d4238ac5e2eb3ec7236e5e098ee3b31d26efebee
SHA25669392e292a0e7195e0c96bbbfe989949d044b63dbce2e5324f1bb99aa2560e3f
SHA5122f801ae372ca3fc4cd858b6d1783977c8357e5616f45311ffff70b3eee20490f2c6e34a12139a6c0b9faaaf6e59985fabc1cae22510e6b632bae425a58793681
-
Filesize
180KB
MD58445343a92b18d013ae654483f108f41
SHA18e3dfa05a0385a1934f7c0f7733515df4251c826
SHA25654ddcc9436a7e7b04d934c8b19948b4baf92232c4c5d62e6636907e5ef57a891
SHA512ac35e4b5fddb1cab4838897dfb8bab902369907aab66ceb0535972f604995c620afe80442846b95bf93f6b2fe964ee879b3e468b2c4436f2673282715290bbff
-
Filesize
102KB
MD5756216b8de0005e6be7b28bffba66ad8
SHA1a6e467f85ececb89a8e70e909885406b16e852de
SHA2563e66b2ccf3a7130c74add2a4cc1ca492301983189c2ce726261c5513bf4e488a
SHA512924c962d35849094ade21806f47fa44105171b4535d4f33a4fcdcb46ec4a54dd9366ca1245e966868e6723fee4312018a99fb652a884832688f30683179dd32c
-
Filesize
172KB
MD5373a7bcdfc77b0d8c470f9540a48563d
SHA125f6fbbf03a7f1e0f9661a5d003ae8f36d84862a
SHA2567c976449da3512d3158cd4cab5e92bbcaa641f1943ddfb930a9efef820b6111a
SHA5129afe1dfe08fa9c65edec68f3b9fe63d1266db27ed373c9a750f821305672b803c01deda7acb97286e717a4f0e002662767d79b73456722a6d9102758fa693b25
-
Filesize
126KB
MD5e6957f412a9a86535bcbfbe5398c71fb
SHA145f35302c4eda95d3c1281f46740320d149a1519
SHA2568ba11436e938e1d6332ea2b4d4d7488dd421a8286753aa2e25c3e870ba597709
SHA51212fcc6459001b31cb8d8a05a54aa2615dbec6f6ec83d529e0a65d34566c297103907950fdaeabb1cdb106aec5e486daeaa97e80570a18dcaa5d4f85fc5ad6120
-
Filesize
404KB
MD5e027a3fa799ef808782ad032cc9cf008
SHA191173b70b579dac0f5847e9db200f5e5a338a935
SHA2567b5af25ae9afd2aa603026d27ffe861e555e1d46f56cc192d68e0e3ca0f3eee6
SHA512f78a5c92d70532c8c826c2126bd7dba1b81711eab490338c6bd09f6f0462d3896cc0f486a63c9a7e5e130875a376cbd2667dd7a14fe1d098a066f4ab37b2ce16
-
Filesize
74KB
MD51438dc05a504ff1aa12842ccc2ea1fa4
SHA13fd4080a1fc87c35bd27ae27105b76e873225640
SHA2562229c8a0d253c7a307aaa9e6fec0665a6db5a41cd48911a2542bbef039a7d738
SHA512cd7bce95d55400f330b9b4a56c5acbe2704c9b2ce670437ac80e27942d963468b4210a93296c1e76c009ec8ce56b665b6f7648d13e91af53545b3cbf6f6c6f04
-
Filesize
349KB
MD5f51b7643b91788902cac65c3943217d6
SHA1fd26e9c05fdbad9d1df742283ad9a7595fa9443c
SHA256b8836758a6ad8d11c9c336912d7a4469d1c2e3eb8e43d5bae7178add422bd84c
SHA5120b4b3801c89fde07fc70be7f6d1200653df88f9f95be9f92a69fc199bcf056e61ab115a01f7457e3fec7b6042c9068413772ba30dbed9b46576f3e0381995505
-
Filesize
297KB
MD5476e0baad206a4436f91c6f1320511b0
SHA192fe64f9b71f75ca4e423fcdf7d912e70d4fa7d4
SHA2562e76706c9f3c0cc8eb340c48650001271bc0d64ddd10ff915811341f00172c64
SHA512670d2574263f4459a5510d30a7e1c6a49e527940fe4d571cfcc5ce12335ae62a8bcf3b1e0cd3a6e3cb3c210cbcffed8c986135fc17154cf044413cf29d5a4cbe
-
Filesize
242KB
MD54374111482d6cc3bb0839f8fc9041d2c
SHA15bd1dd68a3b3d68568e95217cfb8448007dd1d41
SHA256f714e942dd549fbcbdc3b4e1fab4ddc1876455a00dbe7eef5a616db649578350
SHA512dd44b0a298e6d54336063e1a509b16cf92b4ce8fe8b9465c60b37196ab18f7c9fe9a9fd68cb5336cdae87f0622bbc427b64c4236ddb359e7f8061d1429c2321d
-
Filesize
818KB
MD54845ba5ddf4fa0771f3d4ad5d3b891e7
SHA1118d7f9745badafb605ed94e247d61afa1e0d9e5
SHA25682bca259d720ddf90bb99ffdbee8bef134c078be04233255b8024a4604d7abcf
SHA512e59c688a60066f6a5cf63ac15af1d487b2bc9e36c85d38ceab07701b1a256176452590de0e44a9f10ba10d4d6a28bbbb4e995953a62d91bbb792a66627fdc3b4
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
63KB
MD51c55ae5ef9980e3b1028447da6105c75
SHA1f85218e10e6aa23b2f5a3ed512895b437e41b45c
SHA2566afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f
SHA5121ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b
-
Filesize
638KB
MD53365247305dcf16709ff125c9d7f9c8b
SHA1ea6870fa86449aeaf14324edda501a8861109210
SHA256a50a426065d2c32dbb6326dbc33af73cc34dbfb9ff0a56a4e14bad6485ea39c5
SHA5122b8caebecc05111e84d5dd43895617c964d74d9996b1038bc285f24b1cb03eca0248e9a78dbf1c2439a94a93930e33e942b08c798b2983bd5251047be76a67d6
-
Filesize
123KB
MD555986303ce08dd35fe9d9e280680b1ca
SHA176e26458c41397c6e6f2d4c10ba40367f0912bda
SHA25600b30d25638b483707bfebe96169b61c00d2ed999cc8e60b36d128b67cf6f502
SHA51274b8d072d6b2ce2decde8567d5cfaac7aa5d6c232f8808a62891b51d1f9a633d8232820ba0a45110793ecf7beee99cef17069c08ed6f4ac353176d5fb4c474ac
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
276KB
-
Filesize
276KB
-
Filesize
276KB
-
Filesize
276KB
-
Filesize
32KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
84KB
-
Filesize
1.3MB
-
Filesize
4KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.3MB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4.2MB
-
Filesize
4KB
-
Filesize
1.3MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
612KB
-
Filesize
612KB
