Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
10/04/2025, 02:41
General
-
Target
2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe
-
Size
70KB
-
MD5
a7b7c1266edb7de0bfb01534bf94ab44
-
SHA1
dcf49d90bcc0f2e08485883a1141e9a2e8c0a5dc
-
SHA256
d67a23f0caca7c6c21101ee6f17be9b7290b4f0339961e447e90123c21d22bbc
-
SHA512
f9ef1aae251dbb10bb33ce74a92e14089c657381d2de95bbec2886437cb672360e5fe32977253f323262770a2ac9334806df786ff0c644f7e9213362f7f5bac2
-
SSDEEP
1536:4ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:3d5BJHMqqDL2/Ovvdr
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe"C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exeC:\Users\Admin\AppData\Local\Temp\2025-04-10_a7b7c1266edb7de0bfb01534bf94ab44_elex_gandcrab.exe2⤵
-