Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-09-2024 16:32
General
-
Target
c5604fa1cf8d82960162ef353e072ee0N.exe
-
Size
85KB
-
MD5
c5604fa1cf8d82960162ef353e072ee0
-
SHA1
8748c8d9bd5aaa5d2037d1c92b84db048deb789f
-
SHA256
cdd3ecb63c30de836ab13f573ec82faa0688a3e5ea7e54d2178f984cf709c5c6
-
SHA512
f840219065d07fa9f5d49b30bd9a142ead388f3d0020a0359d1f0913c69c48792de0506864d91816601509cf9f4af9038e9c9921e70de3893101891c1a70a2f9
-
SSDEEP
1536:lXEN0rlw3e63tlxIHR6xSA7TWCDYAwNKUEiVghzCcnuaukliBLzQcOOGfbfpZJsV:lnw3DI6xd2Wxco
Score
9/10
Malware Config
Signatures
-
Renames multiple (203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 1 IoCs
-
Executes dropped EXE 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c5604fa1cf8d82960162ef353e072ee0N.exe"C:\Users\Admin\AppData\Local\Temp\c5604fa1cf8d82960162ef353e072ee0N.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe"2⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7364⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7364⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7364⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7364⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7564⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7644⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7644⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7524⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 1284⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7644⤵
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7444⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Public\Services\system.exe"C:\Users\Public\Services\system.exe" help3⤵
-
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exedw20.exe -x -s 7484⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4336,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26B
MD5a3aba13ba7d45d69e20a147e2b7a9162
SHA1f483648c664fd8df0b88b91785e139299aafbe9e
SHA2564c5bb87056c5521a5f341e5cf0dc5d776fad1749b387f9f31a3f3387c45d2895
SHA512a8a4e9e479a736aa0839a0d1f21abcfab63f2a08c264635500e692ace533ab5faf99acefff3319a94d9755855c49e35b3524be7892521c26fb467eb09de18b43
-
Filesize
85KB
MD5c5604fa1cf8d82960162ef353e072ee0
SHA18748c8d9bd5aaa5d2037d1c92b84db048deb789f
SHA256cdd3ecb63c30de836ab13f573ec82faa0688a3e5ea7e54d2178f984cf709c5c6
SHA512f840219065d07fa9f5d49b30bd9a142ead388f3d0020a0359d1f0913c69c48792de0506864d91816601509cf9f4af9038e9c9921e70de3893101891c1a70a2f9
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
4KB
-
Filesize
4.8MB
-
Filesize
9.6MB