Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
21-05-2024 22:20
Static task
static1
Behavioral task
behavioral1
Sample
6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe
Resource
win10v2004-20240508-en
General
-
Target
6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe
-
Size
1.1MB
-
MD5
d4554cbeaf50f90e2c2a26c4b6abf775
-
SHA1
50cdeb208ed2c1e8c973acdf973e6b77b3df3e14
-
SHA256
6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07
-
SHA512
9cb27887c62e1aeccece14ccd5e002d6172a72e03ac075abb0c96546746afa8b7c39ac2bc61805a50615ebd5b8416d7864b642354ac77ef676c9a07e3109922f
-
SSDEEP
24576:CH0dl8myX9Bg42QoXFkrzkmmlSgRDko0lG4Z8r7Qfbkiu5Qn:CcaClSFlG4ZM7QzMg
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2468 svchcst.exe -
Executes dropped EXE 23 IoCs
pid Process 2468 svchcst.exe 1596 svchcst.exe 2212 svchcst.exe 1204 svchcst.exe 2244 svchcst.exe 2416 svchcst.exe 952 svchcst.exe 1096 svchcst.exe 2696 svchcst.exe 2448 svchcst.exe 548 svchcst.exe 2764 svchcst.exe 2280 svchcst.exe 3000 svchcst.exe 2416 svchcst.exe 952 svchcst.exe 1640 svchcst.exe 2932 svchcst.exe 2444 svchcst.exe 2940 svchcst.exe 2752 svchcst.exe 2832 svchcst.exe 2076 svchcst.exe -
Loads dropped DLL 38 IoCs
pid Process 2964 WScript.exe 2964 WScript.exe 2488 WScript.exe 2792 WScript.exe 2792 WScript.exe 2792 WScript.exe 2080 WScript.exe 1496 WScript.exe 1396 WScript.exe 1396 WScript.exe 2976 WScript.exe 2976 WScript.exe 2612 WScript.exe 1448 WScript.exe 1652 WScript.exe 1652 WScript.exe 1652 WScript.exe 1652 WScript.exe 2112 WScript.exe 2112 WScript.exe 452 WScript.exe 452 WScript.exe 1044 WScript.exe 1044 WScript.exe 2404 WScript.exe 2404 WScript.exe 2624 WScript.exe 2624 WScript.exe 2976 WScript.exe 2976 WScript.exe 2352 WScript.exe 2352 WScript.exe 1980 WScript.exe 1980 WScript.exe 2336 WScript.exe 2336 WScript.exe 1536 WScript.exe 1536 WScript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 2468 svchcst.exe 1596 svchcst.exe 1596 svchcst.exe 1596 svchcst.exe 1596 svchcst.exe 1596 svchcst.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe -
Suspicious use of SetWindowsHookEx 48 IoCs
pid Process 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 2468 svchcst.exe 2468 svchcst.exe 1596 svchcst.exe 1596 svchcst.exe 2212 svchcst.exe 2212 svchcst.exe 1204 svchcst.exe 1204 svchcst.exe 2244 svchcst.exe 2244 svchcst.exe 2416 svchcst.exe 2416 svchcst.exe 952 svchcst.exe 952 svchcst.exe 1096 svchcst.exe 1096 svchcst.exe 2696 svchcst.exe 2696 svchcst.exe 2448 svchcst.exe 2448 svchcst.exe 548 svchcst.exe 548 svchcst.exe 2764 svchcst.exe 2764 svchcst.exe 2280 svchcst.exe 2280 svchcst.exe 3000 svchcst.exe 3000 svchcst.exe 2416 svchcst.exe 2416 svchcst.exe 952 svchcst.exe 952 svchcst.exe 1640 svchcst.exe 1640 svchcst.exe 2932 svchcst.exe 2932 svchcst.exe 2444 svchcst.exe 2444 svchcst.exe 2940 svchcst.exe 2940 svchcst.exe 2752 svchcst.exe 2752 svchcst.exe 2832 svchcst.exe 2832 svchcst.exe 2076 svchcst.exe 2076 svchcst.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1288 wrote to memory of 2964 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 28 PID 1288 wrote to memory of 2964 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 28 PID 1288 wrote to memory of 2964 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 28 PID 1288 wrote to memory of 2964 1288 6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe 28 PID 2964 wrote to memory of 2468 2964 WScript.exe 30 PID 2964 wrote to memory of 2468 2964 WScript.exe 30 PID 2964 wrote to memory of 2468 2964 WScript.exe 30 PID 2964 wrote to memory of 2468 2964 WScript.exe 30 PID 2468 wrote to memory of 2488 2468 svchcst.exe 31 PID 2468 wrote to memory of 2488 2468 svchcst.exe 31 PID 2468 wrote to memory of 2488 2468 svchcst.exe 31 PID 2468 wrote to memory of 2488 2468 svchcst.exe 31 PID 2488 wrote to memory of 1596 2488 WScript.exe 32 PID 2488 wrote to memory of 1596 2488 WScript.exe 32 PID 2488 wrote to memory of 1596 2488 WScript.exe 32 PID 2488 wrote to memory of 1596 2488 WScript.exe 32 PID 1596 wrote to memory of 2792 1596 svchcst.exe 33 PID 1596 wrote to memory of 2792 1596 svchcst.exe 33 PID 1596 wrote to memory of 2792 1596 svchcst.exe 33 PID 1596 wrote to memory of 2792 1596 svchcst.exe 33 PID 2792 wrote to memory of 2212 2792 WScript.exe 34 PID 2792 wrote to memory of 2212 2792 WScript.exe 34 PID 2792 wrote to memory of 2212 2792 WScript.exe 34 PID 2792 wrote to memory of 2212 2792 WScript.exe 34 PID 2212 wrote to memory of 2324 2212 svchcst.exe 35 PID 2212 wrote to memory of 2324 2212 svchcst.exe 35 PID 2212 wrote to memory of 2324 2212 svchcst.exe 35 PID 2212 wrote to memory of 2324 2212 svchcst.exe 35 PID 2792 wrote to memory of 1204 2792 WScript.exe 36 PID 2792 wrote to memory of 1204 2792 WScript.exe 36 PID 2792 wrote to memory of 1204 2792 WScript.exe 36 PID 2792 wrote to memory of 1204 2792 WScript.exe 36 PID 1204 wrote to memory of 2080 1204 svchcst.exe 37 PID 1204 wrote to memory of 2080 1204 svchcst.exe 37 PID 1204 wrote to memory of 2080 1204 svchcst.exe 37 PID 1204 wrote to memory of 2080 1204 svchcst.exe 37 PID 2080 wrote to memory of 2244 2080 WScript.exe 38 PID 2080 wrote to memory of 2244 2080 WScript.exe 38 PID 2080 wrote to memory of 2244 2080 WScript.exe 38 PID 2080 wrote to memory of 2244 2080 WScript.exe 38 PID 2244 wrote to memory of 1496 2244 svchcst.exe 39 PID 2244 wrote to memory of 1496 2244 svchcst.exe 39 PID 2244 wrote to memory of 1496 2244 svchcst.exe 39 PID 2244 wrote to memory of 1496 2244 svchcst.exe 39 PID 1496 wrote to memory of 2416 1496 WScript.exe 40 PID 1496 wrote to memory of 2416 1496 WScript.exe 40 PID 1496 wrote to memory of 2416 1496 WScript.exe 40 PID 1496 wrote to memory of 2416 1496 WScript.exe 40 PID 2416 wrote to memory of 1396 2416 svchcst.exe 41 PID 2416 wrote to memory of 1396 2416 svchcst.exe 41 PID 2416 wrote to memory of 1396 2416 svchcst.exe 41 PID 2416 wrote to memory of 1396 2416 svchcst.exe 41 PID 1396 wrote to memory of 952 1396 WScript.exe 42 PID 1396 wrote to memory of 952 1396 WScript.exe 42 PID 1396 wrote to memory of 952 1396 WScript.exe 42 PID 1396 wrote to memory of 952 1396 WScript.exe 42 PID 952 wrote to memory of 2976 952 svchcst.exe 43 PID 952 wrote to memory of 2976 952 svchcst.exe 43 PID 952 wrote to memory of 2976 952 svchcst.exe 43 PID 952 wrote to memory of 2976 952 svchcst.exe 43 PID 1396 wrote to memory of 1096 1396 WScript.exe 46 PID 1396 wrote to memory of 1096 1396 WScript.exe 46 PID 1396 wrote to memory of 1096 1396 WScript.exe 46 PID 1396 wrote to memory of 1096 1396 WScript.exe 46
Processes
-
C:\Users\Admin\AppData\Local\Temp\6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe"C:\Users\Admin\AppData\Local\Temp\6c444d9957f26291f293c450c8047399f5a71cf286f54b9093b6d4c977d6dc07.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1288 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2964 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"3⤵
- Deletes itself
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2488 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1596 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"6⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2792 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"8⤵PID:2324
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"8⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"10⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1496 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"12⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1396 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:952 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"14⤵
- Loads dropped DLL
PID:2976 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"16⤵
- Loads dropped DLL
PID:2612 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"18⤵
- Loads dropped DLL
PID:1448 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"20⤵
- Loads dropped DLL
PID:1652 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"22⤵PID:1416
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"22⤵
- Loads dropped DLL
PID:2112 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"24⤵
- Loads dropped DLL
PID:452 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"26⤵
- Loads dropped DLL
PID:1044 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"28⤵
- Loads dropped DLL
PID:2404 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"30⤵
- Loads dropped DLL
PID:2624 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"32⤵
- Loads dropped DLL
PID:2976 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"34⤵
- Loads dropped DLL
PID:2352 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"36⤵
- Loads dropped DLL
PID:1980 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"38⤵
- Loads dropped DLL
PID:2336 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"40⤵
- Loads dropped DLL
PID:1536 -
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"42⤵PID:2776
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"C:\Users\Admin\AppData\Roaming\Microsoft\svchcst.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1096 -
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS3.vbs"14⤵PID:1004
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD567b9b3e2ded7086f393ebbc36c5e7bca
SHA1e6299d0450b9a92a18cc23b5704a2b475652c790
SHA25644063c266686263f14cd2a83fee124fb3e61a9171a6aab69709464f49511011d
SHA512826fbc9481f46b1ae3db828a665c55c349023caf563e6e8c17321f5f3af3e4c3914955db6f0eebfc6defe561315435d47310b4d0499ab9c2c85bb61264dedc09
-
Filesize
696B
MD5e74576d29f1c1a7185cdf1e12b96a260
SHA1f76ee203cb56b7dda62a2947ff1e2fc954efa777
SHA256e31ecb9dcf31c19fbd131b31e5191375f7aeb708ffa678363de99e118715eb65
SHA512934e3a9171de8fe03c9b398b4e79b3eee77845750ba2b0d16c3a38bc8299d3d72643cedfbb025df848f4c5ab302f5d4b145da13c2ac3ed96bdc1658791d4f5bb
-
Filesize
753B
MD544e779b6ec0bb2a2f528bec495be0d3c
SHA17fe7d7802f64f411e2f454ee981900bc8436ca6e
SHA25634b696b278ed4926bfc677cf0303406b9365eba1b8265c1d596c94b8470ea477
SHA5127cbcc26f70d83bd0f6b426375b17895e17fd9827c887cd10d8f8e44538def715bbcd4ada9a8ec6d7b4c4700728b580e272e29d2e4ab564f05ac149555b319f35
-
Filesize
696B
MD5dcda7be7bee467e770890045f8b7ae2a
SHA1c2d1c9669b5115473dd2fcb27bb76aed83afdcd1
SHA2565818c70269cba768813218e1a65265488b4c36ebee593535af98a52bf1eeed33
SHA5125a69286101d6a3f52a919910584f2618e2e7adcf8b77806b5e4ecd8b881a86693df968818cec771b93b50d05849e165da0d66c5cfb121297f56cf7bef804a408
-
Filesize
696B
MD53f88ed4a802ff96db44e34ad53ac06c2
SHA1446fe4e265af02ea012b5a8d5d0e7a0c9867f1ed
SHA25604a5abb92c689fa7b9d768a067b1d9bd16c0a5d856c67c7f7881d62662ae0911
SHA512f1afaf53ee96969d58902836b841ca7feed9769c81d9b2d63b72db5d7cf04d6a659b50869f8dba0d650aa6833d892261c0c3dd918e8bfbed13237e6333c47fdf
-
Filesize
696B
MD5152cdcb10a0dcbdcaeb00bd4b08b2f94
SHA1d957bd7eff64e6b13d3a088c0ae764eaeedf0ad2
SHA2565525126f60e1b6cf4d353d30db46873836712e3964020d1dbca2694b6dc3d599
SHA512c2e61516af9e5c14978792ec3b5e20aa84d5f6d9607322575d2f0448a67b6a10911ebf350f51e24e19f40840897251c891cda2c651c0881fccc9e0006d1a2f99
-
Filesize
696B
MD5b42266100fb9f5e0b7be593aac3c37cf
SHA17cd55f31fd2871d09de73a6f62e3a7e1a53327b2
SHA2561a6710caaf3886be368f3205ee8c9905e10f8ed754d80598c80f1455a700d846
SHA512d3e5a4f7395d6196403e60214239043b2da6e546cbe080f74c3a680a6f4a7fe1374988df0a1aa84dbc0e41199efd8fb11050d1d1295f3b45811935d740a5108b
-
Filesize
696B
MD525874246c29e6249372a62c1ffb8a1ae
SHA18b271268ba9ae539e8c5ca3233e5f85772899926
SHA2563d9e506a169afe13ea22a91f88363de0837fc11723beb0425f564262d104bb59
SHA512bb48d383a7aa5bc14fbe010fd778e40512b1079fa7c66757041b6e79c51bf6a719b058434d6c603db81d8d5bd269f354d153ca899aaae789e25061f005afcdaa
-
Filesize
696B
MD50297693238c8d2753940dd61243ddfd8
SHA1c5e61e727061ecb2475cfd052102d1ec3f837ad8
SHA2562c553c736dbf82875ba83b712b4d0a0e5b63b0e4089f0882755bbf078c22c0a5
SHA512042527b1ea8d7e3cc25f8cc72c357e39ef822e78eb9c5802613ff806f9869fff49e63ebd0d8e52754c5a918fd76640dd0bc7a1a1dfd5e82cecfcfcc13c8579cd
-
Filesize
696B
MD5f8db619ebe2f315356d8a3c1cb7ce863
SHA16a7be253323ec01b077ec2632a10159e39c17b2b
SHA25699940aede45164365f56d6948655491bf5e5eaf8cc50400fe99620b5d3cd29c8
SHA5126abc38a731254105c4f336ef9954159d7711889c704002838872473450f9077a940b4817cf36ae7fa04f08439a2acb53c9ab37c85e21c2981eab353379bf431a
-
Filesize
696B
MD5308b7da7ec377746fab239c88940c7ea
SHA162356f1d6078f5587c1e0fa2201b199ebfdd0372
SHA2563c6e5a89529248f6074cab8ca705d7f399c2808e185a451f2520d767e7aecd77
SHA512bfd886261d3c9ae90f40968acb30b229e8d6754768bee5430f246594b5f81952de101a572cedb84bd1ab9a39cb607ec981287e9e03ea45b829744c47ee9bc877
-
Filesize
696B
MD54d8de8aafa7849de2f40f61eb205cc42
SHA167decea42f8c2ee805e859a898922c90ae105cdc
SHA25644a2def2aab8221d4302282a111d1b9592b8828363736aa27a3343836817d2e2
SHA512a44c1b2e8bc3b432daac94073c22e3b93ee412e345f4b2037586fc178fc7909f9360c2ba0817d7648d0739aabf51c6533e87226bffcd7109974e561d901610fc
-
Filesize
1.1MB
MD5a870ec569bea5bf772643751e5450655
SHA17b205689f31161f2ed5396697023ebd0c89e340d
SHA256e0e8935696dc215abb339c018d0feccb44e088ddc7f7bb3d3e2c80f44781246b
SHA512279955dc202d178d42cb410f76d38e2ac95ee7a495586f28e6921446ae58338665b82d2511bc01d960f3f0cb3d7f6dcfe23faf67cf47ca524bcb8aa2d87b0e86
-
Filesize
1.1MB
MD5216ac2fcf4faaf4be5fb4993f28812d1
SHA1e29950d302a9f0f042d83d6330ade6f512da3de7
SHA256425927b6d0d1d4790084f94ba0526713b03c8c320c2227175b65387a9371e377
SHA512e48e61009037856df8e6e732edba413e705a20b71e15aad7e7daa1bc19d9eca67ba0665d8412735dec35f1624d2608798a5ac2b0272d4e2e91fccb2bf78706fa
-
Filesize
1.1MB
MD5b65b5bdce2a873ac2f513f33c048c820
SHA1a5efd9c1bbd0f58c82615d15dcabdf803597f5b2
SHA256cb3e603bc2606ef0fbc53eb6261918312791f8b69b918971f35e3e4312061b69
SHA512135ae35333427df60c8a64ab59a1f80f1df3213b0a28b07e7d6d88ec934eb978952d53e2931c8b2a1a65ef460ed974372c87d0fc7ebc5abe915f6d4b7e2326b8
-
Filesize
1.1MB
MD56962a0afcba892d286c0275ba2447529
SHA1272bffec46cf167d8b8a44a7107afed6b2353846
SHA2564b32ce2f18209065798c88d690bd4b96d461b5e318e5012f88dbeb9ed66cf888
SHA512f4671e6bda2e552ab46987e772934fbda6866adce3bdb6a88b68b2030770833e29ef4f955d16f50489e2cecb8288248898cd49ff7e3b76246e058205daa05796