Analysis
-
max time kernel
37s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21/10/2024, 01:45
General
-
Target
651f4598432b1b9fc27e3e0db54bbf31_JaffaCakes118.exe
-
Size
818KB
-
MD5
651f4598432b1b9fc27e3e0db54bbf31
-
SHA1
07eb2a2dc8a65f7564efe70a85afbb72b806b500
-
SHA256
354f6edb4dd0b11f637a1ad2853aa9ace006af87b5d5f2c514e8415c3c051d26
-
SHA512
9ab6e1d6bc524b11098f5f1fdeb5390ec7f962a982d7cd6bd509246474480aa88830185b8702c9bd63a6f5f9905ad72584164eb7a0b6a555579d0df6a7f0169b
-
SSDEEP
12288:dY26wEXdazQ3giKoAzdSqGANvu2uDIR34C5OpYtnPDZO99Ws/R01GULHY+ZDsvWl:dQNp37OgqG4m2KQOpYtPkr/g9nDJdqo
Score
10/10
Malware Config
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence 2 TTPs 37 IoCs
-
ASPack v2.12-2.42 1 IoCs
Detects executables packed with ASPack v2.12-2.42
-
Checks BIOS information in registry 2 TTPs 37 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 36 IoCs
-
Identifies Wine through registry keys 2 TTPs 37 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 37 IoCs
-
Drops desktop.ini file(s) 1 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 36 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 37 IoCs
-
Runs ping.exe 1 TTPs 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\651f4598432b1b9fc27e3e0db54bbf31_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\651f4598432b1b9fc27e3e0db54bbf31_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"2⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"3⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"4⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"5⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"6⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"7⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"8⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"9⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"10⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"11⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"12⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"13⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"14⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"15⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"16⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"17⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"18⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"19⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"20⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"21⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"22⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"23⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"24⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"25⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"26⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"27⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"28⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"29⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"30⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"31⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"32⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"33⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"34⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"35⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"36⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"37⤵
- Modifies WinLogon for persistence
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"38⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"39⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"40⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"41⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"42⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"43⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"44⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"45⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"46⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"47⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"48⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"49⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"50⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"51⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"52⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"53⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"54⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"55⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"56⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"57⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"58⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"59⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"60⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"61⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"62⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"63⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"64⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"65⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"66⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"67⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"68⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"69⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"70⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"71⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"72⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"73⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"74⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"75⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"76⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"77⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"78⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"79⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"80⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"81⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"82⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"83⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"84⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"85⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"86⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"87⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"88⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"89⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"90⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"91⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"92⤵
-
C:\Windows\SysWOW64\Windupdt\explorer.exe"C:\Windows\system32\Windupdt\explorer.exe"93⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "93⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 294⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "92⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 293⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "91⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 292⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "90⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 291⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "89⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 290⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "88⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 289⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "87⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 288⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "86⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 287⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "85⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 286⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "84⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 285⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "83⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 284⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "82⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 283⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "81⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 282⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "80⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 281⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "79⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 280⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "78⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 279⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "77⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 278⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "76⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 277⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "75⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 276⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "74⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 275⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "73⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 274⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "72⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 273⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "71⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 272⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "70⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 271⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "69⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 270⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "68⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 269⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "67⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 268⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "66⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 267⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "65⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 266⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "64⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 265⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "63⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 264⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "62⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 263⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "61⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 262⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "60⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 261⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "59⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 260⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "58⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 259⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "57⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 258⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "56⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 257⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "55⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 256⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "54⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 255⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "53⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 254⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "52⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 253⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "51⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 252⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "50⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 251⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "49⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 250⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "48⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 249⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "47⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 248⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "46⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 247⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "45⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 246⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "44⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 245⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "43⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 244⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "42⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 243⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "41⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 242⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "40⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 241⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "39⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 240⤵
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "38⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 239⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "37⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 238⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "36⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 237⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "35⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 236⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "34⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 235⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "33⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 234⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "32⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 233⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "31⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 232⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "30⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 231⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "29⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 230⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "28⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 229⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "27⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 228⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "26⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 227⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "25⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 226⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "24⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 225⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "23⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 224⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "22⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 223⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "21⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 222⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "20⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 221⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "19⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 220⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "18⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 219⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "17⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 218⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "16⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 217⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "15⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 216⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "14⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 215⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "13⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 214⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 213⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "11⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 212⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "10⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 211⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "9⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 210⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "8⤵
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 29⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "7⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 28⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "6⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 27⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 26⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 25⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 24⤵
- System Location Discovery: System Language Discovery
- Runs ping.exe
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\_dcsc_.bat" "2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping 127.0.0.1 -n 23⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "887761712566073461-2121015652-1874341374-630586457-1751101328-10192045511612624266"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "118213402-1000801043-18989021251754550879212579476066098460112193097091064612814"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1425877187-40072615-1191625493-1889482530131601295741318105613722292911964781165"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-104417761319598091091845691751-670960096-6472802789084475441141149915-165336019"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "318095884-920465556149357138-494990022454136766196952607-1770438011256886292"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-840122370-1009584916-384124187934103697-1762982146214711293371373806-1939141085"1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
119B
MD58d92fb73117a2f838a54c545be086a1d
SHA13e62625e9b3ec5e49d0c7bce3b81bea3e9651661
SHA25648c300b6e7c36547391dc4b75324f5889c803b92935e27c9246d320376a50edf
SHA5122ce9009727fe96f18657ab2f8dc0771ef75bb3154b9ccfaf3411e4ab82cf6ccba888c3d4fdee59b6c2f891c6c692e3224a2e1ed055f305e79d57af905369511e
-
Filesize
76B
MD5beb1be136bf868c6334483b8ff94bd27
SHA1892328ececd75ebfa1f6c8e2543f4d37548c1118
SHA2563e3b34a52c8c11b952a1cbdebece3382ecc1552df360e90c37946bfab1410aec
SHA512ea36214e18857a3c3a039cc3bc351cfaebbd074764723d467131ab601749cd57ab7dcb562bfa9b366d462e9e8f58e24f3fa677cb7e4e6be7b12952e47c315a09
-
Filesize
818KB
MD5651f4598432b1b9fc27e3e0db54bbf31
SHA107eb2a2dc8a65f7564efe70a85afbb72b806b500
SHA256354f6edb4dd0b11f637a1ad2853aa9ace006af87b5d5f2c514e8415c3c051d26
SHA5129ab6e1d6bc524b11098f5f1fdeb5390ec7f962a982d7cd6bd509246474480aa88830185b8702c9bd63a6f5f9905ad72584164eb7a0b6a555579d0df6a7f0169b
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
748KB
-
Filesize
748KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1000KB
-
Filesize
1.1MB
-
Filesize
1.4MB
-
Filesize
1.4MB