Analysis
-
max time kernel
4s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04-03-2024 16:53
General
-
Target
dxwebsetup.exe
-
Size
8.0MB
-
MD5
9e9056c96170bbe10f6bac77e63cb33a
-
SHA1
fb648b3990b695a0d54f87459a92aa31d8d5da79
-
SHA256
bb645f9db8579e4905de3c73e4e82e2f6b897205cd850fddf89a1147eeeca401
-
SHA512
b65d2040728ba6af4458f7bc845eb6692e52e00d780918efab8047b204c87b4328594c4be828b9b4d1b0fa9d62b06231a462448295e78072e65695ee2aca6019
-
SSDEEP
196608:8AVbV6yBkRlyxZ8C/VZoyjTYmMFxUhkITUYKVz6TIdpRVqY0EZUqj:xVbgyxZ8C/Vcxu1nKVZRVfKi
Score
10/10
Malware Config
Extracted
Family
blackguard
C2
https://api.telegram.org/bot6212779721:AAH2ucrbRMmKbad4xx6D8A7uUPm_fTJwP-Y/sendMessage?chat_id=1859600982
Signatures
-
BlackGuard
Infostealer first seen in Late 2021.
-
Executes dropped EXE 28 IoCs
-
Loads dropped DLL 64 IoCs
-
Looks up external IP address via web service 17 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs ping.exe 1 TTPs 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""5⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"6⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""8⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost9⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"8⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""9⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost10⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"8⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"9⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"8⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"9⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"10⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""11⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost12⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"9⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"11⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"11⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"12⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""13⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost14⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"11⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"13⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"12⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"13⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"14⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""15⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost16⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"13⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"14⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"15⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"14⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"15⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"16⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"15⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"16⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"17⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"16⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"17⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"18⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""19⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost20⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"17⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"18⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"19⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""20⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost21⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"18⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"19⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"20⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""21⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost22⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"19⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"21⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""22⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost23⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"21⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"22⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""23⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost24⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"21⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"22⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"23⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""24⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost25⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"22⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"23⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"24⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""25⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost26⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"23⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"25⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""26⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost27⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"26⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""27⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost28⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"27⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""28⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost29⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"28⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""29⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost30⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"29⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""30⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost31⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"30⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""31⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost32⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"31⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""32⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost33⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"32⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""33⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost34⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"33⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""34⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost35⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"34⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""35⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost36⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"35⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""36⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost37⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"36⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""37⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost38⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"37⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""38⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost39⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"38⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""39⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost40⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"39⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""40⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost41⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"40⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""41⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost42⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"41⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""42⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost43⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"42⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""43⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost44⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"43⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""44⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost45⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"44⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""45⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost46⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"45⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""46⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost47⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"46⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""47⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost48⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"47⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""48⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost49⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"48⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""49⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost50⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"49⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""50⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost51⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"50⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""51⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost52⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"51⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""52⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost53⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"52⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""53⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost54⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"53⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""54⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost55⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"54⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""55⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost56⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"55⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""56⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost57⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"56⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""57⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost58⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"57⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""58⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost59⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"58⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""59⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost60⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"59⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""60⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost61⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"60⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""61⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost62⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"61⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""62⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost63⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"62⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""63⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost64⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"63⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""64⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost65⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"64⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""65⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost66⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"65⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""66⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost67⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"66⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""67⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost68⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"67⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""68⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost69⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"68⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""69⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost70⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"69⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""70⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost71⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"70⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""71⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost72⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"71⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"72⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""73⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost74⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"73⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"74⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""75⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost76⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"75⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""76⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost77⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"76⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""77⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost78⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"77⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""78⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost79⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"78⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""79⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost80⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"79⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""80⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost81⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"80⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""81⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost82⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"81⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""82⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost83⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"82⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""83⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost84⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"83⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""84⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost85⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"84⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""85⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost86⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"85⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""86⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost87⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"86⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""87⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost88⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"87⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""88⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost89⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"88⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""89⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost90⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"89⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""90⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost91⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"90⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""91⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost92⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"91⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""92⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost93⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"92⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""93⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost94⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"93⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""94⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost95⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"94⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""95⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost96⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"95⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""96⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost97⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"96⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""97⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost98⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"97⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""98⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost99⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"98⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""99⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost100⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"99⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""100⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost101⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"100⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""101⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost102⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"101⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""102⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost103⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"102⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""103⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost104⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"103⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""104⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost105⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"104⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""105⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost106⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"105⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""106⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost107⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"106⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""107⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost108⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"107⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""108⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost109⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"108⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""109⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost110⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"109⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""110⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost111⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"110⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""111⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost112⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"111⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""112⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost113⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"112⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""113⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost114⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"113⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""114⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost115⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"114⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""115⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost116⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"115⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""116⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost117⤵
- Runs ping.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"116⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""117⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost118⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"117⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""118⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost119⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"118⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""119⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost120⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"C:\Users\Admin\AppData\Local\Temp\VegaStealer_v2.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\v2.exe"C:\Users\Admin\AppData\Local\Temp\v2.exe"119⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\.bat""120⤵
-
C:\Windows\SysWOW64\PING.EXEping -n 1 localhost121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-