Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 30, 2024, 10:11 a.m. | May 30, 2024, 10:16 a.m. |
PID | Process | Command line |
---|---|---|
2772 | cmd.exe | "C:\Windows\System32\cmd.exe" /c ""C:\Users\test22\AppData\Local\Temp\SviridTweaks\KillDuplicate.cmd" "C:\Users\test22\AppData\Local\Temp\SviridTweaks" "TweaksAlt.exe"" |
2904 | RunAsTI.exe | "RunAsTI.exe" Windows_Defender_disable.cmd |
1400 | RunAsTI.exe | "RunAsTI.exe" Windows_Defender_disable.cmd |
2648 | RunAsTI.exe | "RunAsTI.exe" Windows_Defender_disable.cmd |
3036 | RunAsTI.exe | "RunAsTI.exe" Windows_Defender_disable.cmd |
2384 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2600 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2748 | RunAsTI.exe | "RunAsTI.exe" WindowsUpdate_enable.cmd |
2396 | RunAsTI.exe | "RunAsTI.exe" WindowsUpdate_enable.cmd |
3008 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2444 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
1332 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2408 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2512 | RunAsTI.exe | "RunAsTI.exe" WindowsUpdate_enable.cmd |
3016 | RunAsTI.exe | "RunAsTI.exe" WindowsUpdate_enable.cmd |
2180 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2424 | RunAsTI.exe | "RunAsTI.exe" User_Account_Control_Enable.cmd |
2728 | RunAsTI.exe | "RunAsTI.exe" WindowsUpdate_enable.cmd |
2916 | RunAsTI.exe | "RunAsTI.exe" WindowsUpdate_enable.cmd |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
packer | Armadillo v1.71 |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Automatic_Registry_Backup_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\BalancedPowerSupply.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\SMB1_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\DefenderON.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Windows_Defender_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Classic_Context_Menu_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\NotificationCenter_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Telemetry_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\ThumbnailCache_Enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Firewall_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\AllowInsecureGuestAuth_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Reserved_Storage_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Automatic_Registry_Backup_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\KillDuplicate.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\DefStop.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Classic_Context_Menu_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Firewall_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Reserved_Storage_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\KeyboardLayout_Preload_ENG-BG.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\SmartScreen_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\OneDrive_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\SMB1_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\High_Performance.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\WarningDisable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\CustomContextMenu.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Show_hidden_power_settings.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\InSpectre.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\AllowInsecureGuestAuth_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\NotificationCenter_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\ThumbnailCache_Disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\User_Account_Control_Enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Launcher.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\RunAsTI.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\UpgradeDisable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Windows_Defender_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\OneDrive_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\UpgradeEnable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Driver_Signing_Disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\AddStore.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\User_Account_Control_Disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\WindowsUpdate_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\SmartScreen_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Telemetry_enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\RunAsTI_x64.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\TurnOn_File_Security.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Driver_Signing_Enable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\WindowsUpdate_disable.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\TurnOff_File_Security.cmd |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Delete-MicrosoftStore.cmd |
cmdline | "C:\Windows\System32\cmd.exe" /c ""C:\Users\test22\AppData\Local\Temp\SviridTweaks\KillDuplicate.cmd" "C:\Users\test22\AppData\Local\Temp\SviridTweaks" "TweaksAlt.exe"" |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Launcher.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\RunAsTI.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\Launcher.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\CustomContextMenu.exe |
file | C:\Users\test22\AppData\Local\Temp\SviridTweaks\InSpectre.exe |
cmdline | "RunAsTI.exe" Windows_Defender_disable.cmd |
cmdline | "RunAsTI.exe" User_Account_Control_Enable.cmd |
cmdline | "RunAsTI.exe" WindowsUpdate_enable.cmd |
process: potential process injection target | winlogon.exe |