Analysis
-
max time kernel
8s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
09-10-2024 09:00
General
-
Target
2e57f267250cc56b48dc1db078304b97_JaffaCakes118.exe
-
Size
1.0MB
-
MD5
2e57f267250cc56b48dc1db078304b97
-
SHA1
6f306ff630cc4955127851ca37d0adbde9c39bc3
-
SHA256
fb102d0ad83ccb3255a19efd0176199339e49a9bf87766e7b36cd6e2dd54f309
-
SHA512
722d21e4d920838f8c9bed2c8639ccbefab3baadae3f08044bfeee04b691b58a385725717cd126238891fd25935fa323b07658e4c942e24fb835f51c4890ab6d
-
SSDEEP
24576:yQ4juzSIa1E68m1AXumQ6ImmgM9NaFwkd/waOgd+5p4ZwxmHA5yqH2YoH0v:yF8Dm1AXvzIMMCR9eEWTgKoH
Score
10/10
Malware Config
Signatures
-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable 1 IoCs
-
Executes dropped EXE 35 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 12 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 35 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Delays execution with timeout.exe 57 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 20 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e57f267250cc56b48dc1db078304b97_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2e57f267250cc56b48dc1db078304b97_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Install.exe"C:\Users\Admin\AppData\Local\Temp\Install.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\28463\HCUA.exe"C:\Windows\system32\28463\HCUA.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 2566⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe7⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 58⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"7⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe8⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 59⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"8⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe9⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 510⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"9⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe10⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 511⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"9⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"10⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe11⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 512⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"11⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe12⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 513⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"12⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe13⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 514⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"13⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe14⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 515⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"14⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe15⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 516⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"15⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 25616⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"16⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe17⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 518⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"15⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"17⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe18⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 519⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"18⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 25619⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"19⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe20⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 521⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"18⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"20⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe21⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 522⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"19⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"21⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe22⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 523⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"20⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"21⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"22⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe23⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 524⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"21⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"22⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"23⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 25624⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"22⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"23⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"24⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe25⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 526⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"23⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"25⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe26⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 527⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"24⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"26⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe27⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 528⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"25⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"27⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe28⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 529⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"26⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"28⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe29⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 530⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"27⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"29⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe30⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 531⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"28⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"30⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 25631⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"29⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"31⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 25632⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"30⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"32⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe33⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 534⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"31⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"33⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe34⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 535⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"32⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"34⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe35⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 536⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"33⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"35⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe36⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 537⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"34⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"36⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 25637⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"35⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"37⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe38⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 539⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"36⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"38⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 25639⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"37⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"39⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe40⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 541⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"38⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"40⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe41⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 542⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"39⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"41⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe42⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 543⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"40⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"42⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe43⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 544⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"41⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"43⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe44⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 545⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"42⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"44⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe45⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 546⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"43⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"45⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe46⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 547⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"44⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"46⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe47⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 548⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"45⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"47⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe48⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 549⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"46⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"48⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe49⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 550⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"47⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"49⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe50⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 551⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"48⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"50⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe51⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 552⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"49⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"51⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe52⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 553⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"50⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"52⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe53⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 554⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"51⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"53⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe54⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 555⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"52⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"54⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe55⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 556⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"53⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"55⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe56⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 557⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"54⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"56⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe57⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 558⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"55⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"57⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe58⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 559⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"56⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"58⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe59⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 560⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"57⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"59⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 25660⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"58⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"60⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 25661⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"59⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"61⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe62⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 563⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"60⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"62⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe63⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 564⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"61⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"63⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe64⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 565⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"62⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"64⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 25665⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"63⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"65⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe66⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 567⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"64⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"66⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe67⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 568⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"65⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"67⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe68⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 569⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"68⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe69⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 570⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"69⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 25670⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"70⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe71⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 572⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"71⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe72⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 573⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"72⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe73⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 574⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"73⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\Server.exe74⤵
-
C:\Windows\SysWOW64\timeout.exetimeout 575⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"74⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"75⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"76⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"77⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"77⤵
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"79⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"80⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"80⤵
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"81⤵
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"82⤵
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\Server.exe"C:\Users\Admin\AppData\Local\Temp\Server.exe"83⤵
-
-
C:\Users\Admin\AppData\Local\Temp\keygen.exe"C:\Users\Admin\AppData\Local\Temp\keygen.exe"83⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "542754491-319683126253985580952199820-1038671452198693161400382183-863522896"1⤵
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-764217843136263584137671693-161105501-1458857607-1114050150-445174953-553791169"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1009KB
MD592cc49351c78a81211a12f97cabf810c
SHA1403a7f412a1d5accd7f16ac4629cf50577bff263
SHA2564f8fd1af6bdaabfd536c93cf78ae451615ff1b0f3889b8d6ab40404324f02a51
SHA512cf589b811e635dd8a3af2286a21efaa1e3768a77b45dcdd7242e590b20e3a5ccca8c84a7c8987c9465373896d94e407d7ce5e19b33381d7c04b3c61da3457b82
-
Filesize
516KB
MD522d2efe7bad26ed8da38abcf9de3be97
SHA19d619d5dec8c2350226c3f817c46fce551973847
SHA2564764e7e0f0f2edcc5e0234880bc5996ae2cb4f84cb7e3f6d8d70562afc88f2bb
SHA512bee0ff369b7498dd4b4a994b0ba3c80dfeef74c0cec9b47323d04893c89a2f102863c6e627acb579b4457bf3dc3eac79eaf37616e3834d59ec9a75d94dc1c057
-
Filesize
513KB
MD5137908119c07ee5da0f191ee183d8112
SHA1302d5fec12ddc8da2605e0207447cecc81e23071
SHA256e423dda0815091f3fbe79631df6a2bcee3c684fc17434734c323454564953571
SHA512545c851ff7a0cdeb41431c5c03533ce5e91f53d1e4d924e8cc0343d40c4568c9e98ccd24e15e6be915870fed43951b2baafb2a45f962e3ed39a97a50f1e238f9
-
Filesize
92KB
MD55a11d4c52a76804780cbb414b2595bdb
SHA114c89a2283c41b10ce8f1576404e1541c04a8125
SHA256e1b3260b2607c6a5fcf91575d1de278deceaf4e5f9f0530a3782c6d9567749d8
SHA5120bffe811cbba5278d39e20b66a5c4770e3855d1f5cbd45161e8ad304b78da73f555a3c42a198378efab3dfc81f384fdaefc6cbb893a708c7e2649a89fdd11762
-
Filesize
395KB
MD5d63cc8679a63448db1c64252e14e4ab5
SHA110b3a9ac4bc16e8ac1cd05e50b4d540fa3ef223e
SHA25629b3646a556879a4a48e4f2f81e09179c34ac2051ed3e4f4c28e293092470d3d
SHA512cb1911e1a77fb9be560aa4fd8bbef65e181b6d4438d65657501dbcd8dbf488ba01738a7222f35f8d4317e8df8c6f307d9e3623d6e3e45753e138b80fb68ff768
-
Filesize
452B
MD511e14155718e261dfa77081945e85834
SHA12fe35cd73a8fdc53a696a29fbcc06f8aa5b5d701
SHA256a19b499aeaf1e3740c1ca4babb2644511b8894954eebfd3c12fd1c87def695de
SHA512d798d8a89e1021f9fcc04a3200e31d70a5009d21fec654795e2d05dd05e2cabed44895e9b4c3118dc51ede9c47a0418282e1d048f62dc0364a74f7135283f6cc
-
Filesize
8KB
MD581e20f4361cf8f5a57812871c24d945e
SHA15d7877d6959ab26599b05795a71633f00c37a3da
SHA256e6e8b4a29dccb3531f58c75b754caf7f26afe3e7043239305fd0ae7ab2f7571d
SHA51269b1d75ab7123054bf98cf3a0f2cc7a0749cda8d85ebdef85be7d89f1454154ce29070907b934727a6c5276ff430e94810b87a5634d25d8529df9ee36fd20818
-
Filesize
5KB
MD5e9fbdcc2f5fb657fa519b3f5c69fc52d
SHA1c49cca77b46a59d620711de7564d43e5dafcd2b5
SHA256cc440cfc4ce1a1ff503cc9e8937c59aae64bfce4daa3e7dc757220a25cadc2e4
SHA512913759967e16b99d8ea66433e5dc99d5ddbf737be6784306e67c2b23a525b7a578fcae1028221d3209abc452ff30508eb750c62113c3868a7af36b544e525fb1
-
Filesize
4KB
MD525530555085337eb644b061f239aa9d4
SHA18d91e099aba5439d4bfa8bce464c94e3e1acf620
SHA2563fb6b438ad1530abdd068bffb303fb8a4de51430e0e18ddb6b1a0469ffab8325
SHA512b1f9de0c276533a5a7070aeb2b6415cc1c0bdd2baf5e0645c6ac5ba767cab0d76e5b4461800d89724992af2c863294ada3c1eb2e4516183fe2010c33d47d6a2a
-
Filesize
473KB
MD597d8ad45f48b4b28a93aab94699b7168
SHA18b69b7fd7c008b95d12386f6da415097e72151de
SHA256661df22a66b2062b233eb0bd9665de924cfe0ac9c6ba29e20ffef24f817f9331
SHA5123351eac970bab391de410fcf1937da75d2e4722b808f10332f487ddfe469544e32e7d4ed0e5bdc19bd5f472cffcc55ca1498c95945b4e9c4ceff6ff5cc521c8a
-
Filesize
352KB
-
Filesize
4KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
352KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
4KB
-
Filesize
9.6MB