Resubmissions
15-10-2024 15:36
241015-s1zlzasdkc 1001-07-2024 18:32
240701-w6yteawhmq 1001-07-2024 14:52
240701-r82wmaxdnd 1001-07-2024 14:52
240701-r8syqa1dpp 1011-03-2024 21:22
240311-z8dsssgg58 1001-09-2021 13:18
210901-5bmxjspa5s 1001-09-2021 13:04
210901-te4btfspqa 1001-09-2021 05:12
210901-4wnkwm1p3j 1031-08-2021 21:47
210831-41rp97dma2 1031-08-2021 19:51
210831-359awwatje 10Analysis
-
max time kernel
85s -
max time network
1814s -
platform
windows11_x64 -
resource
win11 -
submitted
31-08-2021 21:47
General
-
Target
Setup (8).exe
-
Size
631KB
-
MD5
cb927513ff8ebff4dd52a47f7e42f934
-
SHA1
0de47c02a8adc4940a6c18621b4e4a619641d029
-
SHA256
fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
-
SHA512
988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
10c753321b3ff323727f510579572aa4c5ea00cb
Attributes
-
url4cnc
https://telete.in/bimboDinotrex
rc4.plain
rc4.plain
Extracted
Family
metasploit
Version
windows/single_exec
Extracted
Family
smokeloader
Version
2020
C2
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
rc4.i32
rc4.i32
Extracted
Family
redline
Botnet
1
C2
37.0.8.88:44263
Signatures
-
Glupteba
Glupteba is a modular loader written in Golang with various components.
-
Glupteba Payload 1 IoCs
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Process spawned unexpected child process 2 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Raccoon
Simple but powerful infostealer which was very active in 2019.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 20 IoCs
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Vidar Stealer 1 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 40 IoCs
-
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL 3 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer 9 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 11 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 6 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 21 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 21 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 4 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 2 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies data under HKEY_USERS 40 IoCs
-
Modifies registry class 1 IoCs
-
Script User-Agent 6 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 40 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup (8).exe"C:\Users\Admin\AppData\Local\Temp\Setup (8).exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Documents\59hRlOoNzo2XhPYRPovE8Hc5.exe"C:\Users\Admin\Documents\59hRlOoNzo2XhPYRPovE8Hc5.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\cmd.execmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\Documents\59hRlOoNzo2XhPYRPovE8Hc5.exe"3⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /T 10 /NOBREAK4⤵
- Delays execution with timeout.exe
-
-
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe"C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
C:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exeC:\Users\Admin\Documents\VN0mZnuMuEqaE5GdeIlGsw14.exe3⤵
-
-
-
C:\Users\Admin\Documents\Rdi0HggPiHendYM0cx7AxJ7_.exe"C:\Users\Admin\Documents\Rdi0HggPiHendYM0cx7AxJ7_.exe"2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe"C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
C:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exeC:\Users\Admin\Documents\uimn6eBOjyFxOUoHd39w3L5c.exe3⤵
-
-
-
C:\Users\Admin\Documents\b6S4Wt58EbplZzl9cPMCQg5A.exe"C:\Users\Admin\Documents\b6S4Wt58EbplZzl9cPMCQg5A.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe ( CREAteobjecT ( "wScRiPT.ShElL" ). RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\Documents\b6S4Wt58EbplZzl9cPMCQg5A.exe"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if """"== """" for %m in ( ""C:\Users\Admin\Documents\b6S4Wt58EbplZzl9cPMCQg5A.exe"" ) do taskkill /iM ""%~NXm"" -F" , 0 , TRUE ) )3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\Documents\b6S4Wt58EbplZzl9cPMCQg5A.exe" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if ""== "" for %m in ( "C:\Users\Admin\Documents\b6S4Wt58EbplZzl9cPMCQg5A.exe" ) do taskkill /iM "%~NXm" -F4⤵
-
-
-
-
C:\Users\Admin\Documents\EhDmqGGqM6dK0s2EfNyNA733.exe"C:\Users\Admin\Documents\EhDmqGGqM6dK0s2EfNyNA733.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\EhDmqGGqM6dK0s2EfNyNA733.exe"C:\Users\Admin\Documents\EhDmqGGqM6dK0s2EfNyNA733.exe"3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe"C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 284⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
C:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exeC:\Users\Admin\Documents\OJ4mbpz33VCrnqAvrDfTp_wU.exe3⤵
-
-
-
C:\Users\Admin\Documents\Hrp34fwl_G5D7yEXeg42QMgc.exe"C:\Users\Admin\Documents\Hrp34fwl_G5D7yEXeg42QMgc.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 2403⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\hiC39Crn4QO9xL2AA93cEdyO.exe"C:\Users\Admin\Documents\hiC39Crn4QO9xL2AA93cEdyO.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\hiC39Crn4QO9xL2AA93cEdyO.exe"C:\Users\Admin\Documents\hiC39Crn4QO9xL2AA93cEdyO.exe"3⤵
-
-
C:\Users\Admin\Documents\hiC39Crn4QO9xL2AA93cEdyO.exe"C:\Users\Admin\Documents\hiC39Crn4QO9xL2AA93cEdyO.exe"3⤵
-
-
-
C:\Users\Admin\Documents\6hpgIT7mbpaLAxPnETiwsbow.exe"C:\Users\Admin\Documents\6hpgIT7mbpaLAxPnETiwsbow.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\4n3brPuozyDf3jvcSwmz4hj2.exe"C:\Users\Admin\Documents\4n3brPuozyDf3jvcSwmz4hj2.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"C:\Program Files (x86)\Company\NewProduct\md8_8eus.exe"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Company\NewProduct\cutm3.exe"C:\Program Files (x86)\Company\NewProduct\cutm3.exe"3⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Company\NewProduct\inst001.exe"C:\Program Files (x86)\Company\NewProduct\inst001.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\0TeiKITGjy0VceeLMRkUOiow.exe"C:\Users\Admin\Documents\0TeiKITGjy0VceeLMRkUOiow.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 2763⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\GLXTWxet8b6aWWxcQHVTi9FZ.exe"C:\Users\Admin\Documents\GLXTWxet8b6aWWxcQHVTi9FZ.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe"C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
C:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exeC:\Users\Admin\Documents\RnAhACAohCwtZDJnzvbQPc9z.exe3⤵
-
-
-
C:\Users\Admin\Documents\kP4x1fQurgYkXu0nQaewAK8B.exe"C:\Users\Admin\Documents\kP4x1fQurgYkXu0nQaewAK8B.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\HeRtEHjBo8THz9aTmFFHGqjz.exe"C:\Users\Admin\Documents\HeRtEHjBo8THz9aTmFFHGqjz.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\KBAvfsr.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\KBAvfsr.exe"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 2844⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 2844⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\FkDS8ej.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\FkDS8ej.exe"3⤵
-
-
-
C:\Users\Admin\Documents\48K8dlSq9RPeLz5uEWnqSBLv.exe"C:\Users\Admin\Documents\48K8dlSq9RPeLz5uEWnqSBLv.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 2763⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\Documents\8IrBxpWjbWNxu81r0bq962iT.exe"C:\Users\Admin\Documents\8IrBxpWjbWNxu81r0bq962iT.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\8IrBxpWjbWNxu81r0bq962iT.exe"C:\Users\Admin\Documents\8IrBxpWjbWNxu81r0bq962iT.exe"3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 19724⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\8IrBxpWjbWNxu81r0bq962iT.exe"C:\Users\Admin\Documents\8IrBxpWjbWNxu81r0bq962iT.exe"3⤵
-
-
-
C:\Users\Admin\Documents\f7SdDrH8TA8__1wfw62SXgEV.exe"C:\Users\Admin\Documents\f7SdDrH8TA8__1wfw62SXgEV.exe"2⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
C:\Users\Admin\Documents\Pa4lQATUky7FzGNeKnPjYZzJ.exe"C:\Users\Admin\Documents\Pa4lQATUky7FzGNeKnPjYZzJ.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\4594341.exe"C:\Users\Admin\AppData\Roaming\4594341.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 968 -s 23124⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 968 -s 23124⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Roaming\1428133.exe"C:\Users\Admin\AppData\Roaming\1428133.exe"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 16284⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 16284⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Roaming\8005807.exe"C:\Users\Admin\AppData\Roaming\8005807.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\8756281.exe"C:\Users\Admin\AppData\Roaming\8756281.exe"3⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\3347163.exe"C:\Users\Admin\AppData\Roaming\3347163.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"C:\Users\Admin\AppData\Roaming\WinHost\WinHoster.exe"4⤵
-
-
-
-
C:\Users\Admin\Documents\xsiqkuHtYTHDrh8VWaCy266g.exe"C:\Users\Admin\Documents\xsiqkuHtYTHDrh8VWaCy266g.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 2803⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\Documents\6YcRqyBblSo_8IOHnpwc3jkl.exe"C:\Users\Admin\Documents\6YcRqyBblSo_8IOHnpwc3jkl.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST3⤵
- Creates scheduled task(s)
-
-
-
C:\Users\Admin\Documents\j4gcZWviN2HlsSgUCKkTvkF6.exe"C:\Users\Admin\Documents\j4gcZWviN2HlsSgUCKkTvkF6.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Documents\j4gcZWviN2HlsSgUCKkTvkF6.exe"C:\Users\Admin\Documents\j4gcZWviN2HlsSgUCKkTvkF6.exe" -u3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Documents\KesV5KsQ0VMxysd391GvOKNh.exe"C:\Users\Admin\Documents\KesV5KsQ0VMxysd391GvOKNh.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-8N4T2.tmp\KesV5KsQ0VMxysd391GvOKNh.tmp"C:\Users\Admin\AppData\Local\Temp\is-8N4T2.tmp\KesV5KsQ0VMxysd391GvOKNh.tmp" /SL5="$1025A,138429,56832,C:\Users\Admin\Documents\KesV5KsQ0VMxysd391GvOKNh.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\is-KS6O9.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-KS6O9.tmp\Setup.exe" /Verysilent4⤵
-
-
-
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv VgzX8XPGL0+A4g73U2Jx9w.0.21⤵
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4132 -ip 41321⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2556 -ip 25561⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3736 -ip 37361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
-
C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXEIQ0v_FE_.ExE -poRsuYEMryiLi1⤵
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe ( CREAteobjecT ( "wScRiPT.ShElL" ). RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if ""-poRsuYEMryiLi""== """" for %m in ( ""C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE"" ) do taskkill /iM ""%~NXm"" -F" , 0 , TRUE ) )2⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if "-poRsuYEMryiLi"== "" for %m in ( "C:\Users\Admin\AppData\Local\Temp\IQ0V_Fe_.eXE" ) do taskkill /iM "%~NXm" -F3⤵
-
-
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" VHTDDahA.G,XBvVyh2⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /iM "b6S4Wt58EbplZzl9cPMCQg5A.exe" -F1⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 281⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3392 -ip 33921⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3896 -ip 38961⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global1⤵
- Process spawned unexpected child process
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\sqlite.dll",global2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 4523⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 580 -ip 5801⤵
-
C:\Users\Admin\AppData\Local\Temp\BA58.exeC:\Users\Admin\AppData\Local\Temp\BA58.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 2762⤵
- Program crash
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\stats.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\stats.exe" /Verysilent1⤵
-
C:\Users\Admin\AppData\Local\Temp\is-D80PI.tmp\stats.tmp"C:\Users\Admin\AppData\Local\Temp\is-D80PI.tmp\stats.tmp" /SL5="$60250,138429,56832,C:\Program Files (x86)\SmartPDF\SmartPDF\stats.exe" /Verysilent2⤵
-
C:\Users\Admin\AppData\Local\Temp\is-IT3RL.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-IT3RL.tmp\Setup.exe" /Verysilent3⤵
-
C:\Users\Admin\Documents\NjBaxYgK5eIOrc9kykgJouqp.exe"C:\Users\Admin\Documents\NjBaxYgK5eIOrc9kykgJouqp.exe"4⤵
-
-
C:\Users\Admin\Documents\kP2CyMUBJgt65s5y5U4mzGGc.exe"C:\Users\Admin\Documents\kP2CyMUBJgt65s5y5U4mzGGc.exe"4⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 2765⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\n9V98d7OvflyYVUNm4VP6pKq.exe"C:\Users\Admin\Documents\n9V98d7OvflyYVUNm4VP6pKq.exe"4⤵
-
C:\Users\Admin\Documents\n9V98d7OvflyYVUNm4VP6pKq.exe"C:\Users\Admin\Documents\n9V98d7OvflyYVUNm4VP6pKq.exe"5⤵
-
-
-
C:\Users\Admin\Documents\kRITeRtE7YrYxUI8ufKD7Jwq.exe"C:\Users\Admin\Documents\kRITeRtE7YrYxUI8ufKD7Jwq.exe"4⤵
-
C:\Users\Admin\Documents\kRITeRtE7YrYxUI8ufKD7Jwq.exe"C:\Users\Admin\Documents\kRITeRtE7YrYxUI8ufKD7Jwq.exe" -u5⤵
-
-
-
C:\Users\Admin\Documents\_3ZDmBHZStWMpjSXzuLnGEAr.exe"C:\Users\Admin\Documents\_3ZDmBHZStWMpjSXzuLnGEAr.exe"4⤵
-
C:\Users\Admin\Documents\_3ZDmBHZStWMpjSXzuLnGEAr.exe"C:\Users\Admin\Documents\_3ZDmBHZStWMpjSXzuLnGEAr.exe"5⤵
-
-
-
C:\Users\Admin\Documents\LBmLMCjEV8iztzgmgUly0LgQ.exe"C:\Users\Admin\Documents\LBmLMCjEV8iztzgmgUly0LgQ.exe"4⤵
-
-
C:\Users\Admin\Documents\av9K6bJfo4ZLF7mVeRaj73Fc.exe"C:\Users\Admin\Documents\av9K6bJfo4ZLF7mVeRaj73Fc.exe"4⤵
-
C:\Users\Admin\AppData\Local\Temp\RarSFX1\KBAvfsr.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\KBAvfsr.exe"5⤵
-
-
-
C:\Users\Admin\Documents\Ln4ahps3ySsjFMi7AYex8Nl_.exe"C:\Users\Admin\Documents\Ln4ahps3ySsjFMi7AYex8Nl_.exe"4⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 2405⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\YHFpgYW4rDl4I81WxCxK5Sow.exe"C:\Users\Admin\Documents\YHFpgYW4rDl4I81WxCxK5Sow.exe"4⤵
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" VbsCrIPt: cLOSe ( CREAteobjecT ( "wScRiPT.ShElL" ). RUN ( "C:\Windows\system32\cmd.exe /C tYpe ""C:\Users\Admin\Documents\YHFpgYW4rDl4I81WxCxK5Sow.exe"" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi & if """"== """" for %m in ( ""C:\Users\Admin\Documents\YHFpgYW4rDl4I81WxCxK5Sow.exe"" ) do taskkill /iM ""%~NXm"" -F" , 0 , TRUE ) )5⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C tYpe "C:\Users\Admin\Documents\YHFpgYW4rDl4I81WxCxK5Sow.exe" > IQ0V_Fe_.eXE && StaRt IQ0v_FE_.ExE -poRsuYEMryiLi& if ""== "" for %m in ( "C:\Users\Admin\Documents\YHFpgYW4rDl4I81WxCxK5Sow.exe" ) do taskkill /iM "%~NXm" -F6⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /iM "YHFpgYW4rDl4I81WxCxK5Sow.exe" -F7⤵
- Kills process with taskkill
-
-
-
-
-
C:\Users\Admin\Documents\x1feYW62YMEjcrSdU0n1d3h4.exe"C:\Users\Admin\Documents\x1feYW62YMEjcrSdU0n1d3h4.exe"4⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Users\Admin\Documents\x1feYW62YMEjcrSdU0n1d3h4.exe"5⤵
-
-
-
C:\Users\Admin\Documents\JzTIqySQkQeyAKoa586uAZqJ.exe"C:\Users\Admin\Documents\JzTIqySQkQeyAKoa586uAZqJ.exe"4⤵
-
C:\Users\Admin\AppData\Local\Temp\is-21VTR.tmp\JzTIqySQkQeyAKoa586uAZqJ.tmp"C:\Users\Admin\AppData\Local\Temp\is-21VTR.tmp\JzTIqySQkQeyAKoa586uAZqJ.tmp" /SL5="$1047E,138429,56832,C:\Users\Admin\Documents\JzTIqySQkQeyAKoa586uAZqJ.exe"5⤵
-
C:\Users\Admin\AppData\Local\Temp\is-TVD5N.tmp\Setup.exe"C:\Users\Admin\AppData\Local\Temp\is-TVD5N.tmp\Setup.exe" /Verysilent6⤵
-
-
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe"C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe"4⤵
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
C:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exeC:\Users\Admin\Documents\AWbUvPpQB5kd99Q5r8wzfZn6.exe5⤵
-
-
-
C:\Users\Admin\Documents\OAem3pbiXPvXUU6Zw9CKbUQs.exe"C:\Users\Admin\Documents\OAem3pbiXPvXUU6Zw9CKbUQs.exe"4⤵
-
C:\Users\Admin\AppData\Roaming\5719396.exe"C:\Users\Admin\AppData\Roaming\5719396.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\6500452.exe"C:\Users\Admin\AppData\Roaming\6500452.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\6504563.exe"C:\Users\Admin\AppData\Roaming\6504563.exe"5⤵
-
-
C:\Users\Admin\AppData\Roaming\1378391.exe"C:\Users\Admin\AppData\Roaming\1378391.exe"5⤵
-
-
-
C:\Users\Admin\Documents\ZBwhXyCdIh3fVZ4NePfSWpzJ.exe"C:\Users\Admin\Documents\ZBwhXyCdIh3fVZ4NePfSWpzJ.exe"4⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe"C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe"4⤵
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
C:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exeC:\Users\Admin\Documents\cGz7dV9tF1a5xO3I9yM9LJJh.exe5⤵
-
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe"C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe"4⤵
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
C:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exeC:\Users\Admin\Documents\Zd_H3XFDD7MsSOuktZxOhXTy.exe5⤵
-
-
-
C:\Users\Admin\Documents\WfN_WzoXp8tTdCAB6fp9qrou.exe"C:\Users\Admin\Documents\WfN_WzoXp8tTdCAB6fp9qrou.exe"4⤵
-
-
C:\Users\Admin\Documents\y_pY8XoSvT5ysTwooMmfglb1.exe"C:\Users\Admin\Documents\y_pY8XoSvT5ysTwooMmfglb1.exe"4⤵
-
C:\Users\Admin\Documents\y_pY8XoSvT5ysTwooMmfglb1.exe"C:\Users\Admin\Documents\y_pY8XoSvT5ysTwooMmfglb1.exe"5⤵
-
-
C:\Users\Admin\Documents\y_pY8XoSvT5ysTwooMmfglb1.exe"C:\Users\Admin\Documents\y_pY8XoSvT5ysTwooMmfglb1.exe"5⤵
-
-
-
C:\Users\Admin\Documents\7DMtsUr_UDNXhxZ3hZ18UmLY.exe"C:\Users\Admin\Documents\7DMtsUr_UDNXhxZ3hZ18UmLY.exe"4⤵
-
-
C:\Users\Admin\Documents\dT6ysGcbBtFgYulk4yM29RTq.exe"C:\Users\Admin\Documents\dT6ysGcbBtFgYulk4yM29RTq.exe"4⤵
-
-
C:\Users\Admin\Documents\2zxjvjycP7wUPcB8l67hBZn7.exe"C:\Users\Admin\Documents\2zxjvjycP7wUPcB8l67hBZn7.exe"4⤵
-
-
C:\Users\Admin\Documents\PTSh8jeEr1Q_qVSkgLPycrGk.exe"C:\Users\Admin\Documents\PTSh8jeEr1Q_qVSkgLPycrGk.exe"4⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 2765⤵
- Program crash
-
-
-
C:\Users\Admin\Documents\XG3CS28KNZjbv0QylxMxf0ll.exe"C:\Users\Admin\Documents\XG3CS28KNZjbv0QylxMxf0ll.exe"4⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST5⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST5⤵
- Creates scheduled task(s)
-
-
-
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\note866.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\note866.exe"1⤵
-
C:\Program Files (x86)\SmartPDF\SmartPDF\LivelyScreenRecS3.0.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\LivelyScreenRecS3.0.exe"1⤵
-
C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe"1⤵
-
C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\lg.exe" -a2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\PBrowFile15.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\PBrowFile15.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\4631548.exe"C:\Users\Admin\AppData\Roaming\4631548.exe"2⤵
-
-
C:\Users\Admin\AppData\Roaming\5355895.exe"C:\Users\Admin\AppData\Roaming\5355895.exe"2⤵
-
-
C:\Users\Admin\AppData\Roaming\1901176.exe"C:\Users\Admin\AppData\Roaming\1901176.exe"2⤵
-
-
C:\Users\Admin\AppData\Roaming\7336083.exe"C:\Users\Admin\AppData\Roaming\7336083.exe"2⤵
-
-
C:\Users\Admin\AppData\Roaming\6386849.exe"C:\Users\Admin\AppData\Roaming\6386849.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\9840432e051a6fa1192594db02b80a4c1fd73456.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\9840432e051a6fa1192594db02b80a4c1fd73456.exe"1⤵
-
C:\Windows\SysWOW64\cmd.execmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q "C:\Program Files (x86)\SmartPDF\SmartPDF\9840432e051a6fa1192594db02b80a4c1fd73456.exe"2⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /T 10 /NOBREAK3⤵
- Delays execution with timeout.exe
-
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"1⤵
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 11788 -s 283⤵
- Program crash
-
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"C:\Program Files (x86)\SmartPDF\SmartPDF\Spadille.exe"2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1276 -ip 12761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 6128 -ip 61281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6200 -ip 62001⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe1⤵
-
C:\Windows\SysWOW64\rundll32.exerUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 4562⤵
- Program crash
-
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\D17C.exeC:\Users\Admin\AppData\Local\Temp\D17C.exe1⤵
-
C:\Windows\system32\rUNdlL32.eXerUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main1⤵
- Process spawned unexpected child process
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 412 -p 968 -ip 9681⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7644 -ip 76441⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5420 -ip 54201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 10920 -ip 109201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8480 -ip 84801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3632 -ip 36321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 10348 -ip 103481⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7404 -ip 74041⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 9952 -ip 99521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1212 -ip 12121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 10304 -ip 103041⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 11788 -ip 117881⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 404 -ip 4041⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6332 -ip 63321⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 16144 -ip 161441⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8384 -ip 83841⤵
Network
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
1Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
Disabling Security Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1Web Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
72KB
-
Filesize
64KB
-
Filesize
6.1MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
88KB
-
Filesize
4KB
-
Filesize
584KB
-
Filesize
296KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
9.1MB
-
Filesize
12KB
-
Filesize
88KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
512KB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
472KB
-
Filesize
4KB
-
Filesize
5.6MB
-
Filesize
188KB
-
Filesize
6.1MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
844KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
240KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
100KB
-
Filesize
8KB
-
Filesize
188KB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
12KB
-
Filesize
4KB
-
Filesize
88KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.2MB
-
Filesize
36KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.1MB
-
Filesize
5.6MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB
-
Filesize
6.1MB